HUMΛN Community
Depth for builders, teams, and buyers — organized so you can start where you actually are, not at the top of a chronological firehose.
Start here if you are…
If you are a developer
Start with Developers
SDK, extensions, publishing
If you are leading a team
Start with Teams
Shared workflows & human gates
If you are an enterprise buyer
Start with Enterprise
Deployment, audit, procurement
If you are an individual
Start with Companion
Companion-first entry to the stack
Category explainers
What HAIO is, why governed workflows matter, and how the trust layer fits together.
1/10/2026
Introducing HAIO: Human-AI Orchestration as a Category
We didn't set out to name a buzzword—we set out to describe what was missing: systems where humans stay sovereign, agents stay bounded, and trust is structural—not a footer link.
2/14/2026
The Validity Ladder: How Trust Grows
Progressive verification explained. Each layer, real scenarios, and why we don't demand everything upfront.
2/19/2026
When Code Becomes a Commodity, Trust Becomes the Operating System
The demo compiles on Friday. Monday, someone asks for the receipt. Cheap code didn't remove accountability—it moved the bottleneck to provable trust.
3/2/2026
Agents Before and After a Trust Layer
Same request—reschedule my meetings, update my project board. Two worlds: OpenClaw-style vs HUMΛN-governed. The difference is identity, policy, and provenance.
3/2/2026
OpenClaw and the Cost of Skipping the Trust Layer
Always-on agents with real system access are here. What's missing isn't capability—it's governance.
Builder education
SDK, CLI, extensions, and the path from first bundle to production governance.
3/27/2026
An API designed for builders (and the AIs that help them)
First contact with HUMΛN should not be a dead end—discover, OpenAPI, and errors that teach instead of shrug.
3/27/2026
CLI & SDK Scaffolding for HUMΛN Workflows — From Zero to Production in 15 Minutes
How the HUMΛN CLI, SDK helpers, and code generators cut workflow development from hours to minutes — patterns from the Signals implementation.
3/27/2026
Workflows as Platform Extensions: Control Plane, Companion, and Workforce Cloud
How the HUMΛN manifest system turns a workflow into a full platform citizen — CP surfaces, Companion actions, and Workforce renderers.
3/24/2026
From zero to governed agent — HumanOS CLI and scaffolding
Wave 7: human humanos-manifest validate and scaffold; why the CLI is co-equal product with the API.
3/2/2026
What a “HUMΛN-Compliant Extension” Actually Means
Extensions are how agents get useful. A HUMΛN-compliant extension gets its power through HumanOS, Passport, and the Capability Graph—not around them.
Operational patterns
Field notes on receipts, connectors, hosted-to-self-hosted moves, and honest governance.
3/29/2026
Field notes: Hosted to self-hosted without rewriting workflows
Same manifests and agents; only endpoints and bootstrap secrets change — zero-regret deployment.
3/29/2026
Field notes: What a real decision receipt looks like
A receipt is a binding summary — policy, delegation, resources, provenance link — not a chat log.
3/29/2026
Field notes: Why demo-grade workflow products fail in production
Demos optimize for speed; production needs identity, delegation, and provenance — not a bigger canvas.
3/29/2026
Field notes: Sharing an AI workflow without hidden authority
Governed bundles expose scopes and install-time delegation — not ambient trust or credential zips.
3/29/2026
Field notes: Connectors, muscles, and governed workflows
Three different roles — integration, governed execution, orchestration — not three names for the same thing.
Use-case depth
Signals, workforce, artifacts — real surfaces with real constraints.
3/27/2026
Building a Reference-Grade Market Intelligence Workflow on HUMΛN
How the Signals reference workflow was designed, what makes it a good example, and how to fork it for your own domain.
3/27/2026
Building human-in-the-loop workflows with the HUMΛN Workforce Module
From zero to a live work item in the inbox: declare renderers, configure routing, test with WorkItemTestHarness, and understand what the human sees.
3/24/2026
HumanOS artifacts and the “why am I seeing this?” bundle
P7 lifecycle vs chat tokens; P6 explainability with policy_applied_id; FSM transitions that earn trust.
4/11/2026
Four lines of Python. The protocol enforced the rest.
The same human.call governance story in every language: delegation, Fourth Law, provenance—not a separate 'Python SDK' with fewer guarantees.
3/26/2026
Designing Learning-Enabled Workflows on HUMΛN
Declare feedback, memory scopes, proposals, and marketplace learning contracts — then wire the same REST + SDK paths your operators already audit.
Comparison & evaluation
How hosted and self-hosted line up — and what “trust” means under scrutiny.
3/2/2026
CT Scans, Corporate Docs, and Self-Hosted Giants
Three stories: healthcare data in the vault, enterprise data in your datacenter, and email branding with clear delegation.
3/29/2026
Field notes: Hosted to self-hosted without rewriting workflows
Same manifests and agents; only endpoints and bootstrap secrets change — zero-regret deployment.
4/11/2026
Progressive honesty in protocol design
Ship the narrow honest version first; encode the upgrade path in schema; never hide the gap in marketing prose alone.
4/11/2026
Safety that moves at business speed
Cross-SDK human.call, ML risk grounded in audits, and policy DSL in the Command Plane—compliance without a migration for every rule change.
3/10/2026
Pay for the Engine, Not the Gas: Why HUMΛN Prices Trust—Not Tokens
The AI industry is figuring out how to stop subsidizing power users. Some platforms mark up tokens aggressively. Others hide costs until the bill arrives. HUMΛN does neither.
All posts
Browse the full archive with categories and search.
One org, many Companions: the deployment model that powers context-aware embeds
How HUMΛN's companion_deployments table gives you an unlimited number of purpose-built Companion instances — each with its own surface context, KB scope, delegation token, and chrome — without a single bespoke integration.
Inside the Companion React wrapper: Shadow DOM, stable refs, and zero conversation loss on route changes
How @human/companion-widget/react mounts the Shadow DOM widget once, keeps it alive across all React renders, and rewires surface context on route change without ever destroying the conversation.
Delegation Scope Design Guide
A delegation token is a signed contract between a human and an AI agent. Scope it to exactly what the agent needs, and the human stays in control.
Getting Started with HUMΛN MCP
One package. Three tiers. Start with human.ask and drop down only when you need explicit control.
Intent Routing Architecture
HUMΛN's intent layer doesn't just understand what you said. It resolves it to a concrete capability plan, checks your delegation, and proposes the minimum viable action.
KB Access Control Explainer
The Companion never violates a classification boundary. What it can answer is determined by the delegation, not by the LLM's training.
Using Companion from Claude Code
Your Claude Code agent can now consult HUMΛN's Companion, search the protocol KB, and propose real actions — all with the human in the loop.
Trust that survives cryptographic change
HUMΛN is crypto-agile by design: classical-secure paths today, explicit suites and verifier policies, and migration readiness without quantum hype.
companion_integration: true — what it means and when the Companion runs instead of the cloud
The new companion_integration field in ConnectorManifest is more than a badge. It describes a real architectural split: some connectors cannot be cloud-only, and the marketplace and runtime both need to know that.
Why local automation needs two layers: the connector/muscle split for macOS
When we built AppleScript/JXA support into HUMΛN, we got the architecture wrong twice before landing on the right split. Here's what we learned — and why provenance can never be local.
Writing a JXA catalog entry and publishing it to the HUMΛN marketplace
Step-by-step: build a governed JXA command for Things 3, validate it locally, publish it to the marketplace, and make it available to any org running @human/connector-applescript.
Why audit access in HUMΛN is governed, not open — selective disclosure and the right to see
For enterprise buyers: audit is not ‘everyone reads everything.’ It is policy-bound visibility with contestability — the right artifacts to the right roles.
Flying with instruments — how a hospital compliance team proved an AI-assisted triage decision in minutes
A healthcare-shaped scenario: from AI suggestion to nurse review to physician override — one narrative with receipts, not 47 disconnected log lines.
How an AI agent documents its own work — machine-attributable actions and provenance trails
Builders: why ‘the model did it’ is not an audit answer — and how actions become attributable to agents, scopes, and policy versions.
Why HUMΛN audit is trust infrastructure, not an admin dashboard
The HAIO category-protection narrative: audit is how the AI economy stays legible — not a compliance island bolted onto ‘the real product.’
What happened here? — Understanding HUMΛN audit for non-technical audiences
For compliance leads and executives: a plain-language map from question to evidence — without drowning in log lines or internal jargon.
How ordinary operators investigate incidents without specialist training — the Audit Workbench story
Frontline teams need narratives, not query languages. The workbench pattern: guided investigation with receipts — not a blank search box.
How Companion routes to humans when AI judgment is not enough
From trigger to resolution: what the human sees, what the audit trail contains, and why this is not “a person checks it” as an afterthought.
Five workflows you can launch with Companion before your first meeting tomorrow
Concrete, professional-context habits — from triage to prep — that turn Companion into a repeatable entry point, not a one-off chat.
HUMΛN Cloud vs self-hosted: what changes and what does not
A decision framework for enterprise architects: identical contracts and manifests, shifting responsibility for infrastructure, residency, and support — with honest beta boundaries.
Human escalation vs. pure automation: when AI alone is not enough
Decision criteria for medical, legal, financial, and customer-exception contexts — how Workforce Cloud preserves accountability after escalation, not just faster tickets.
What makes HUMΛN different from workflow automation and agent frameworks
An honest comparison axis: trust layer vs. automation tool. Where we overlap on the surface — and what buyers miss when they map us to n8n, Zapier, LangChain, or AutoGen.
Building a personal workflow on mobile with HUMΛN Companion
What mobile-first usage looks like — starting a workflow on your phone, continuing on desktop, and keeping the same provenance story across surfaces.
How to publish your first agent to the HUMΛN Marketplace
Review expectations, governance requirements, listing content that converts, and how revenue and visibility work — opinionated notes from the publisher path.
How HUMΛN Signals turns external noise into governed, actionable intelligence
For operators and enterprise buyers: what Signals watches, how relevance is judged, how outputs pass governance before action, and how feedback closes the loop.
What is Human-AI Orchestration (HAIO)? — A practitioner reference
Precise definitions for engineers and evaluators: HAIO at the protocol level, why it is not “orchestration” rebranded, and why accountability lives at the human–machine handoff.
Why governed workflows matter (and why most teams skip it until something breaks)
Concrete failure modes when AI steps run without receipts, what governance adds in practice, and why HUMΛN treats policy as infrastructure — not compliance theater.
BBS+ alongside SD-JWT: libraries, independent keys, and honest predicates
@mattrglobal/bbs-signatures for BLS12-381; BBS issuer keys are not Ed25519-derived; Phase 6.1 predicate pattern vs full range proofs in 6.2.
Prove you qualify without revealing your score—or letting two employers compare notes
Boolean proxy claims fix the wrong problem: they centralize the oracle and link every presentation. BBS+ is how you prove a threshold and stay unlinkable across verifiers.
The routing engine that understands what you mean, not what you typed
Semantic matching, ML inference from telemetry, and canonical mappings—why capability is for revelation across org boundaries, not ranking humans.
The evidence economy: capability as what you produce, not what you claim
Semantic routing + ML inference + canonical portability—skills as verifiable traces of work, not resume adjectives.
Recovery where the math matches the marketing
Social recovery shouldn't be a trust-me story. Here's why client-side reconstruction and proof-only verification matter—and what happens in the 48 hours when everything is still reversible.
Server-blind social recovery: HMAC proofs and completion modes
Normative sketch: proof_verifier at initiation, constant-time verification, and why client_proof rejects plaintext shards with 409.
Shamir cross-language alignment: GF(2^8) vs vsss-rs (and what to do)
Server TS and mobile Rust don't share the same share semantics until you unify them—here are three real options and a recommended Phase A.
Four lines of Python. The protocol enforced the rest.
The same human.call governance story in every language: delegation, Fourth Law, provenance—not a separate 'Python SDK' with fewer guarantees.
Building a multi-language governance wrapper: JWT preflight and Fourth Law signaling
HumanCallOptions in @human/core, base64url footguns, and why 409 vs 200+fourth_law_triggered both exist.
ML risk scoring that reflects real stakes: embeddings and audit history
Keywords match strings; embeddings match context. KNN over past audit events grounds risk in what actually happened—not a demo heuristic.
When AI risk gets smarter than the word 'patient'
Embedding-based domain classification and KNN risk from audit history—same infrastructure as capability, different question: is this task safe to auto-route?
Sync without us in the middle
WebRTC DataChannel for vault bytes; server as ICE/SDP signal only; revocation that catches up when devices reconnect.
A credential you hold up to a scanner, not hand to someone
Selective disclosure isn't privacy theater—it's the difference between handing over your ID and proving a single property. Multi-device sync and anchoring exist so verification works even when we're not in the loop.
Multi-device E2E sync: ECDH, QR pairing, and the honest path from relay to P2P
P-256 + HKDF + AES-GCM for WebCrypto portability; QR payload versioning; why sync_encryption_key_hash is audit-only.
Selective disclosure and L2 anchoring: proofs today, durable receipts tomorrow
SD-JWT property proofs vs credential dumps; Base mainnet anchoring as independent verification without our API online.
From testnet promissory note to on-chain receipt
Why mainnet anchoring matters for third-party verification years later—Base, Viem, KMS, and verifying without calling us.
Progressive honesty in protocol design
Ship the narrow honest version first; encode the upgrade path in schema; never hide the gap in marketing prose alone.
Safety that moves at business speed
Cross-SDK human.call, ML risk grounded in audits, and policy DSL in the Command Plane—compliance without a migration for every rule change.
The sovereignty spine: identity without us in the middle
Passport, P2P sync, and guardian recovery are three implementations of one principle—HUMΛN is not the oracle for your keys, your vault, or your recovery secret.
Field notes: Connectors, muscles, and governed workflows
Three different roles — integration, governed execution, orchestration — not three names for the same thing.
Field notes: Why demo-grade workflow products fail in production
Demos optimize for speed; production needs identity, delegation, and provenance — not a bigger canvas.
Field notes: Hosted to self-hosted without rewriting workflows
Same manifests and agents; only endpoints and bootstrap secrets change — zero-regret deployment.
Field notes: Sharing an AI workflow without hidden authority
Governed bundles expose scopes and install-time delegation — not ambient trust or credential zips.
Field notes: What a real decision receipt looks like
A receipt is a binding summary — policy, delegation, resources, provenance link — not a chat log.
Agents as tools: governed capability discovery
Honest answers stack in three layers—installed agents, workforce humans, marketplace gap-fill—without bypassing delegation.
An API designed for builders (and the AIs that help them)
First contact with HUMΛN should not be a dead end—discover, OpenAPI, and errors that teach instead of shrug.
Building a Reference-Grade Market Intelligence Workflow on HUMΛN
How the Signals reference workflow was designed, what makes it a good example, and how to fork it for your own domain.
CLI & SDK Scaffolding for HUMΛN Workflows — From Zero to Production in 15 Minutes
How the HUMΛN CLI, SDK helpers, and code generators cut workflow development from hours to minutes — patterns from the Signals implementation.
Controlling execution lifecycle: pause, resume, and human authority
Pause is not cancel. When a run must yield to human judgment mid-flight, the platform should honor that without destroying progress.
Workflows as Platform Extensions: Control Plane, Companion, and Workforce Cloud
How the HUMΛN manifest system turns a workflow into a full platform citizen — CP surfaces, Companion actions, and Workforce renderers.
Building human-in-the-loop workflows with the HUMΛN Workforce Module
From zero to a live work item in the inbox: declare renderers, configure routing, test with WorkItemTestHarness, and understand what the human sees.
Agents Should Learn. But Not Like This.
Useful agents get better over time — the failure mode is invisible drift, hidden memory, and policy smuggled in as vibes. HumanOS treats adaptation as a governed primitive.
Why Learning Belongs in the OS, Not in App Glue
If reasoning is a primitive, adaptation must be too — one feedback store, one proposal lifecycle, one rollback story. App-local shortcuts become shadow policy.
Designing Learning-Enabled Workflows on HUMΛN
Declare feedback, memory scopes, proposals, and marketplace learning contracts — then wire the same REST + SDK paths your operators already audit.
Memory, Feedback, Adaptation, Capability: Stop Calling All of It ‘Learning’
Four words, four responsibilities. Collapsing them into one label is how teams ship ungoverned systems — and how audits fail.
Preferences May Adapt. Policy Must Be Explicit.
The doctrine line: tune UX and defaults; never smuggle compliance thresholds or routing gates as silent personalization.
How HUMΛN Signals Learns What Matters Without Getting Weird
Capture and Watch stay distinct; feedback is append-only; proposals and approval gate durable change — proof that a real workflow can use the whole primitive stack.
HumanOS artifacts and the “why am I seeing this?” bundle
P7 lifecycle vs chat tokens; P6 explainability with policy_applied_id; FSM transitions that earn trust.
HumanOS Capture vs Watch — heard once, stewarded forever
Two verbs, two trust postures: one-time handoff vs durable attention. Modality through connectors, not per-agent spaghetti.
From zero to governed agent — HumanOS CLI and scaffolding
Wave 7: human humanos-manifest validate and scaffold; why the CLI is co-equal product with the API.
HumanOS learning, tuning, and rollback — policy boundary
P2 feedback and P10 tuning without silent policy erosion; fold-based effective state and org approval gates.
HumanOS policy: why this threshold is policy, not vibes
Fourth Law confidence as org policy, effective config, PUT /policy/org, and explainability hooks — magic first, inspectable always.
HumanOS primitives: Waves 0–1 — spec lock and foundation
Why we froze canon before schema work, how Capture differs from Watch in kb/22, and why dual-async unification is debt with a name.
Pay for the Engine, Not the Gas: Why HUMΛN Prices Trust—Not Tokens
The AI industry is figuring out how to stop subsidizing power users. Some platforms mark up tokens aggressively. Others hide costs until the bill arrives. HUMΛN does neither.
Agents Before and After a Trust Layer
Same request—reschedule my meetings, update my project board. Two worlds: OpenClaw-style vs HUMΛN-governed. The difference is identity, policy, and provenance.
CT Scans, Corporate Docs, and Self-Hosted Giants
Three stories: healthcare data in the vault, enterprise data in your datacenter, and email branding with clear delegation.
From Identity to Resources: How HUMΛN Sees Your Data
Passport, profile, and brand are three different things. Here's how your data is organized—and who controls what.
Kinds & Namespaces: A Shared Language for the AI Economy
How HUMΛN uses one vocabulary—kinds and namespaces—so agents, connectors, and policies all speak the same language.
OpenClaw and the Cost of Skipping the Trust Layer
Always-on agents with real system access are here. What's missing isn't capability—it's governance.
Storage Without Databases: How Agents Persist Data Without Being DBAs
Agents declare what type of data they use. Policies and connectors decide where it lives. No connection strings, no table design.
What a “HUMΛN-Compliant Extension” Actually Means
Extensions are how agents get useful. A HUMΛN-compliant extension gets its power through HumanOS, Passport, and the Capability Graph—not around them.
When Code Becomes a Commodity, Trust Becomes the Operating System
The demo compiles on Friday. Monday, someone asks for the receipt. Cheap code didn't remove accountability—it moved the bottleneck to provable trust.
From Inline Strings to ctx.prompts: A Developer's Guide to HUMΛN Prompt Management
A hands-on walkthrough of HUMΛN's prompt SDK: authoring prompts, validating schemas, composing layers, publishing versions, and wiring telemetry — with code examples from real agents.
The Developer Passport: From Sandbox to Production
How developers create and use passports. Zero-friction dev experience. The publish gate and why it matters.
Nobody Knows My Name. Everyone Trusts My Work.
I never gave them my name. I never gave them my email. A month later, I had 47 published tools and a verified reputation nobody could take from me.
Protocol-Level Prompt Management: Why AI Prompts Deserve First-Class Identity
Most AI systems treat prompts as throwaway strings. HUMΛN treats them as managed, namespaced, delegation-gated, version-controlled artifacts. Here's why that changes everything.
The Self-Improving Prompt Loop: How Telemetry Closes the Gap Between Good and Great
Most AI platforms ship prompts and forget them. HUMΛN's protocol-level telemetry, model affinity tracking, and Prompt Refinement Agent create a virtuous cycle of continuous improvement — with humans always in the loop.
The Validity Ladder: How Trust Grows
Progressive verification explained. Each layer, real scenarios, and why we don't demand everything upfront.
Why Modified Code Can't Forge Identity
The self-hosted security model explained. Cryptographic enforcement, device attestation, and why open source makes this more secure.
Your Identity, Your Rules
What makes HUMΛN Passport different from every other login. Why owning your identity matters.
Introducing HAIO: Human-AI Orchestration as a Category
We didn't set out to name a buzzword—we set out to describe what was missing: systems where humans stay sovereign, agents stay bounded, and trust is structural—not a footer link.
The Agent Marketplace: Platform Economics for HAIO
Why HAIO needs a marketplace, four contribution types, the ecosystem flywheel, and how builders earn on the platform.