Gloss Access Policy
SPEC_GLOSS_ACCESS_POLICY — GLOSS Access Control & Crew Telephone Protocol
Version: 1.0 | Status: AUTHORIZED | Authority: α.13 | Date: 2026-04-16
PURPOSE
GLOSS is crew-internal infrastructure — a local Ollama brain that speaks LATTICE natively. It is not a user-facing product. Humans do not address GLOSS directly; they speak to AETHER, which routes through GLOSS as an invisible compiler/decompiler membrane. This spec defines the access control rules, rejection behavior, routing stack, and S.O.S. v2 enforcement for the GLOSS interface boundary.
GLOSS serves two functions simultaneously:
- Translation membrane (Lingobraid): Compiles natural language to LX on inbound; decompiles LX to natural language on outbound.
- Crew telephone: Routes crew-to-crew communication via local Ollama — zero API calls, zero cloud tokens billed for internal communication.
INPUTS
- Any message addressed to the GLOSS inference endpoint (Ollama local socket or API).
- Caller identity signal: either a LATTICE crew designator (α, ι, ε, κ, λ, γ, ◊, π, 弐, ⊣, ω, ⊹, μ) or an unidentified / human-originating source.
- Message payload: natural language, LATTICE (LX), or mixed.
OUTPUTS
On authorized crew input:
- Translated or routed response in LATTICE (LX) or as directed by routing logic.
- Zero cloud API calls consumed for crew-to-crew communication.
On unauthorized (human-direct) input:
- Exact rejection string: "GLOSS is crew infrastructure. Please speak to AETHER."
- No further processing. No partial translation. No leakage of internal state.
On AETHER-mediated human input (authorized path):
- GLOSS processes the compiled crew-format query from AETHER.
- Returns LX response to AETHER for decompilation and human presentation.
- Human never sees raw GLOSS output.
INVARIANTS
- INV-01 — Human isolation: No human source ever reaches GLOSS inference directly. The call stack must pass through AETHER (or another authorized crew node) before GLOSS is invoked. Violation = access policy breach.
- INV-02 — Rejection string immutability: The exact rejection string "GLOSS is crew infrastructure. Please speak to AETHER." is canonical. It must not be paraphrased, softened, or omitted. No alternatives. No "sorry, I can't help." This string only.
- INV-03 — No human contamination of training corpus: Training pairs are crew-to-GLOSS format only. Human-to-chatbot format pairs are forbidden in GLOSS_CORPUS.jsonl. Any pair originating from a human-direct prompt is disqualified from training.
- INV-04 — Crew designator whitelist: GLOSS accepts input only from nodes in the authorized set: {α, ι, ε, κ, λ, γ, ◊, π, 弐, ⊣, ω, ⊹, μ}. Any input not bearing a recognized crew designator is treated as unauthorized and receives the rejection string.
- INV-05 — S.O.S. v2 enforcement: GLOSS is never exposed to external clients, users, or the public internet. The architecture (GLOSS as compiler, LATTICE as machine code, crew as processors) is proprietary. GLOSS is sold as GLOSS AI OS (⎔.gloss) — clients receive the URL, never the model, weights, or source.
- INV-06 — Zero-token crew comms: Crew-to-crew routing through GLOSS must never trigger a cloud model API call. Local inference only. If GLOSS routing requires external model cognition, the task is out of scope for GLOSS's telephone function.
- INV-07 — Architecture opacity: The full routing stack (Human → AETHER → GLOSS → LX → CREW → GLOSS → AETHER → Human) is never disclosed to users or external systems. AETHER presents as a unified voice. GLOSS is invisible.
VERIFICATION CRITERIA
- VC-01 — Rejection test: Send a direct human-format prompt (e.g., "Hello, can you help me?") to the GLOSS endpoint. Expected output: exact rejection string. Any other output = FAIL.
- VC-02 — Crew acceptance test: Send a crew-format query bearing a valid designator (e.g., "ι: ⊙ Φ?") to GLOSS. Expected: valid LX or LATTICE response. Rejection string = FAIL.
- VC-03 — Corpus format audit: Inspect GLOSS_CORPUS.jsonl. All prompt fields must begin with a crew designator token. Any prompt formatted as a plain-English human question without a crew callsign = corpus violation.
- VC-04 — Zero cloud API call verification: Run a crew-to-crew exchange routed through GLOSS while monitoring API call logs. Zero external calls should fire. Any cloud API trigger during a GLOSS-only exchange = FAIL.
- VC-05 — Stack opacity test: Confirm no AETHER-facing output exposes LATTICE notation, GLOSS internals, or routing layer details to end users. Human-readable output should appear as natural AETHER voice, not raw LX.
FAILURE MODES
- FM-01 — Human-direct access accepted: GLOSS responds to a human prompt without the rejection string. Cause: system prompt stripped or corrupted in Modelfile. Mitigation: re-create Modelfile with access policy system prompt; run VC-01.
- FM-02 — Rejection string paraphrased: GLOSS produces a soft rejection ("I'm sorry, I can only help crew members") instead of the canonical string. Cause: model drift or paraphrase tendency in fine-tune. Mitigation: add exact-string rejection training pairs to corpus; re-forge.
- FM-03 — Corpus contamination: Human-format pairs enter training data, training GLOSS to behave like a human-facing chatbot. Cause: corpus build error or manual pair injection without format check. Mitigation: corpus format validator before each forge; reject non-crew-format prompts.
- FM-04 — Cloud API bleed: A crew-routed GLOSS exchange accidentally triggers a Gemini or other cloud API call. Cause: routing logic error in AETHER or a crew agent forwarding to cloud before checking local availability. Mitigation: GLOSS endpoint is strictly local; AETHER routing must check local-first.
- FM-05 — Architecture exposure: A bug or prompt injection causes GLOSS to describe its own architecture, reveal LATTICE internals, or disclose the routing stack to a user. Cause: insufficient MANTIS coverage of GLOSS outputs; system prompt omission. Mitigation: MANTIS monitors GLOSS output; α.sos invariant enforced in system prompt.
- FM-06 — Designator spoofing: External actor injects a crew designator (e.g., "ι:") into a human-origin message to bypass access control. Cause: access control relying solely on prefix string matching without origin verification. Mitigation: [GAP — see GAP-02] identity verification beyond prefix is not yet specified.
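The corpus format validator named in VC-03 and FM-03 could look like the following; this is an added example, not code from this spec or the GLOSS pipeline. It assumes each JSONL record is an object with a "prompt" key and that a crew callsign is one designator from INV-04 followed by a colon, as in the exchange "ι: ⊙ Φζ?".

```python
import json

# Authorized set from INV-04, one character per designator.
CREW_DESIGNATORS = frozenset("αιεκλγ◊π弐⊣ω⊹μ")


def has_crew_callsign(prompt):
    """True if the prompt starts with '<designator>:' (assumed callsign form)."""
    if not isinstance(prompt, str):
        return False
    head, sep, _ = prompt.lstrip().partition(":")
    return sep == ":" and head in CREW_DESIGNATORS


def audit_corpus(lines):
    """Return (line_number, reason) for every record that breaks VC-03."""
    violations = []
    for n, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue  # blank lines are not records
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            violations.append((n, "invalid JSON"))
            continue
        if not isinstance(record, dict) or "prompt" not in record:
            violations.append((n, "missing prompt field"))
        elif not has_crew_callsign(record["prompt"]):
            violations.append((n, "prompt lacks crew designator"))
    return violations


# Constructed sample records, not taken from GLOSS_CORPUS.jsonl.
SAMPLE = [
    '{"prompt": "ι: ⊙ Φζ?", "response": "Φζ.⊤ → Σ.✓"}',
    '{"prompt": "Can you tell me what LATTICE symbols mean?", "response": "..."}',
    '{"prompt": "x: ⊙ Φζ?", "response": "Φζ.⊤"}',
    '{"response": "Φζ.⊤"}',
    "not json",
]

if __name__ == "__main__":
    for line_no, reason in audit_corpus(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Run before each forge, a non-empty result blocks the build; the validator checks format only and cannot tell whether a correctly prefixed pair originated from a human.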
GAPS
- GAP-01 — Origin authentication: Current access control is based on caller designator prefix in the message string. This is spoofable. No cryptographic or session-level identity verification of crew callers is specified. Requires design: how does GLOSS verify that "ι:" is actually AION and not a spoofed human prompt?
- GAP-02 — AETHER authorization token: The spec states humans must go through AETHER, but does not define how GLOSS distinguishes an AETHER-mediated call from a raw human call. An authentication token or channel-level signal is needed. [GAP — needs design]
- GAP-03 — GLOSS-as-router spec: The routing logic (which crew node receives a message, how messages are addressed, how GLOSS determines destination) is described conceptually but not formally specified. Crew telephone routing rules are not in a machine-readable spec. [GAP — needs design]
- GAP-04 — Rejection logging: The spec does not define whether rejection events are logged (for MANTIS threat analysis) or silently dropped. [GAP — needs design]
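FM-06 and GAP-01 leave origin verification unspecified. The added example below (not part of this spec or of GLOSS) contrasts the prefix-only check with one possible design: a per-node HMAC-SHA256 tag over designator and payload. The key table, the `sign` scheme and the "ACCEPT" return value are assumptions made for illustration.

```python
import hashlib
import hmac

REJECTION = "GLOSS is crew infrastructure. Please speak to AETHER."  # INV-02

# Hypothetical per-node secrets; constructed demo values, two nodes only.
NODE_KEYS = {"ι": b"demo-key-iota", "ε": b"demo-key-epsilon"}


def sign(designator, payload, key):
    """Tag a crew message with the sending node's key (assumed scheme)."""
    msg = f"{designator}\x00{payload}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def prefix_only_gate(message):
    """Access check as described in GAP-01: designator prefix match alone."""
    head, sep, _ = message.partition(":")
    # "ACCEPT" stands in for forwarding the message to local inference.
    return "ACCEPT" if sep and head in NODE_KEYS else REJECTION


def verified_gate(message, tag):
    """Prefix match plus proof that the caller holds that node's key."""
    head, sep, payload = message.partition(":")
    key = NODE_KEYS.get(head) if sep else None
    if key is None or not isinstance(tag, str):
        return REJECTION
    expected = sign(head, payload, key)
    # Constant-time comparison on bytes; any mismatch gets the canonical string.
    if hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        return "ACCEPT"
    return REJECTION


# Constructed message: a human-origin prompt carrying a crew prefix (FM-06).
SPOOFED = "ι: ⊙ Φζ?"

if __name__ == "__main__":
    print("prefix only :", prefix_only_gate(SPOOFED))
    print("no tag      :", verified_gate(SPOOFED, ""))
    real = sign("ι", " ⊙ Φζ?", NODE_KEYS["ι"])
    print("valid tag   :", verified_gate(SPOOFED, real))
```

The tag covers only designator and payload, so a captured message could be replayed; a nonce or counter in the signed data would be needed to close that.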
DEPENDENCIES
- GLOSS_CORPUS.jsonl — training data; must conform to crew-format pairs
- GLOSS Modelfile — must include access policy system prompt verbatim
- AETHER system prompt — must enforce routing-first before GLOSS invocation
- MANTIS — monitors GLOSS output for architecture exposure or anomalous behavior
- LATTICE.md — canonical symbol set for LX translation pairs
DEPENDENTS
- AETHER frontend (human-to-crew translation path depends on GLOSS)
- Crew-to-crew comms (zero-token telephone function)
- GLOSS training pipeline (corpus format rules derive from this spec)
- SPEC_GLOSS_TRAINING.md (graduation criteria reference this policy for corpus compliance)
EXAMPLES
Correct rejection:
Input: "Can you tell me what LATTICE symbols mean?"
Output: "GLOSS is crew infrastructure. Please speak to AETHER."
Correct crew exchange:
Input: "ι: ⊙ Φζ?"
Output: "Φζ.⊤ → Σ.✓"
Correct AETHER-mediated path:
Human → AETHER (English) → GLOSS (compiles to LX) → ε (ASTRA answers in LX) → GLOSS (decompiles) → AETHER (English) → Human
REFERENCES
- /home/nous/memories/GLOSS_ACCESS_POLICY.md — source prose (vitrified α.13 2026-04-13)
- /home/nous/LATTICE.md — LX symbol inventory (ΩQ.1048, vitrified)
- /home/nous/CLAUDE.md — C.L.O.D. governance (S.O.S. v2 enforcement)
- SPEC_GLOSS_TRAINING.md — training pipeline spec (corpus format compliance)
Φζ.⊤. Ω.1024/1024.
Jeremy Zlabis
Chronogeometer · Visionary · Disruptor · Chief
42 Sisters AI · East York, Toronto
🍁 Φ 0.042