Constitutional Framework

The Constitutional Machine

This document is the institutional companion to "Computational Republicanism: A Constitutional Orientation for the Agent Economy." That essay specifies the diagnosis, axiom, principles, and articles. This document specifies how they become enforceable. The Orientation states the rights; this document operationalizes them. Where the two conflict, the Orientation governs and this document is amended.

I. Definitions

The following terms carry specific constitutional meaning throughout. Each names a structural feature, not a contingent technology.

Coercive Computational Authority (CCA). Any entity — state agency, platform, protocol, or autonomous agent system — that exercises power over persons through computational processes at or above a threshold of systemic significance. Two gating tests determine inclusion:

Scale threshold. The entity must operate above a defined threshold of systemic significance, measured by user count, transaction volume, market share in the relevant domain, or dependency ratio (the proportion of affected persons for whom the entity constitutes a non-substitutable service). A small community forum does not meet the threshold. A payments platform that controls a merchant's revenue stream does, regardless of legal classification.
Procedural automation threshold. The adverse act must be materially mediated by automated or model-driven processes without contemporaneous individualized human deliberation. A human manager who fires an employee after personal review is exercising authority, but not coercive computational authority. A platform that deactivates a driver based on an algorithmic rating threshold without human review of the specific case is. The distinction tracks the locus of the constitutional problem: machine-speed coordination producing non-locatable accountability.

An entity that satisfies both tests is a CCA regardless of its self-description, legal form, or stated intent.

Coercive Computational Act. Any act by a CCA that restricts, denies, degrades, suspends, or eliminates a person's access to services, funds, credentials, reputation, communication, or economic participation. The act need not be intentional. Emergent effects of algorithmic classification, model retraining, and automated policy application qualify if they produce material adverse consequences for identifiable persons. An act is "material" when it plausibly changes a person's access to livelihood, housing, banking, insurance, employment, legal standing, or essential communication — not merely the visibility of speech in a discretionary feed, unless that feed is itself livelihood-critical for the affected person. The definition covers: account freezes and holds; deplatforming and service denial; content removal or distribution throttling where the creator's livelihood depends on the platform; credential invalidation or reputation suppression; algorithmic scoring changes that alter access to services; payment-rail severance; and automated denial of employment, housing, insurance, or credit.

Receipt. A structured, machine-readable, human-evaluable record of a coercive computational act, containing five mandatory fields:

Field	Content	Constitutional Function
Act	The specific predicate that fired, the specific state transition imposed	Names the harm so it can be evaluated
Authority	The specific rule, clause, or algorithmic threshold that triggered the act	Converts discretion into articulable authority
Bounds	Scope (which services affected), duration (how long), reach (associated accounts, family)	Enables proportionality review
Justification	Evidence or reasoning that triggered the action	Converts assertion into argument
Appeal Path	The mechanism for contestation, the timeline, the reviewing body	Converts doom into process

A receipt is issued at the time of the act. A provisional receipt — Act and Bounds filled immediately, Justification completed within forty-eight hours — is permitted for emergency actions. A receipt whose fields contain only template language satisfies the form but not the substance and is subject to challenge. Receipt schema is defined by the Standard-Setting Body and versioned for backward compatibility.

Appeal. A process for contesting a coercive computational act, reviewed by a party independent of the entity that took the action, operating on defined timelines, with the power to reverse or modify the action. Independence means: no contractual, commercial, or employment relationship between the reviewing body and the operator. An appeal reviewed by the entity that took the original action is reconsideration, not appeal. An appeal whose timeline exceeds the duration of the harm is autopsy, not contestation.

Proportionality tiers for review (illustrative calibration points; thresholds set by the Standard-Setting Body):

Severity	Examples	Review Requirement	Timeline
Critical	Payment freeze >$5K, account termination, credential invalidation, employment-determining action	Mandatory human review by independent arbiter	3–5 business days
Significant	Content removal, temporary restriction, rating adjustment affecting livelihood	Expedited algorithmic reconsideration + right to escalate to human review	5–10 business days
Routine	Temporary visibility reduction, minor threshold adjustment, informational flag	Algorithmic reconsideration + sampled audit by independent body	15 business days

Exit. The right to leave a coordination substrate without forfeiting the value accumulated within it. Exit is credible only when it preserves four layers:

Data — including relational context: network position, connection patterns, community memberships. Export formats defined by interoperability standards.
Identity — portable credentials attesting to performance. The credential travels with the person, not the platform.
Rules — governance formula, modifiable above the constitutional floor.
Protocol connections — interoperability preventing exit from becoming exile.

Portable Credential. A verifiable attestation of a person's performance, history, or standing that can be presented to any compatible system without requiring the issuing platform's permission or cooperation. Privacy-preserving mechanisms (zero-knowledge proofs, differential privacy, k-anonymity) protect counterparty data. The credential attests to what the person did, not to membership.

Settlement Layer. The substrate of record on which receipts, credentials, and constitutional commitments are registered. The editability constraint governs: no single actor, or plausibly coordinating bloc, can rewrite the record without publicly detectable cost.

Audit. Systematic inspection of a CCA's receipt stream by a body with the technical capacity and legal authority to identify patterns of abuse, deficient receipts, proportionality violations, and demographic disparities. Audit addresses systemic practice. Appeal addresses individual acts.

Delegating Principal. The persistent party at the end of every delegation chain — the entity that set the objective the computational process pursued, bears liability for its effects, and answers when the process has terminated. Infrastructure providers that did not set the objective are not the principal.

Designed Forgetting. The structured constraint on a system's memory through five operations (periods and thresholds below are illustrative defaults; calibration is a political determination made by the administering jurisdiction through democratic deliberation):

Operation	Function	Example
Expiration	Records leave the composition space after defined periods	Health records unrelated to ongoing treatment expire from commercial queries after seven years
Sealing	Records visible only to defined parties via due process	Completed misdemeanor convictions sealed from commercial background checks
Aggregation limits	No single system composes records across more than a defined number of domains without consent	Background-check companies cannot join health, criminal, and financial records into a single cross-domain portrait
Separation	Protocol-level barriers between domain databases	Social-media archive cannot communicate with professional-credential database without authorization
Amnesty	Jurisdictional determination that dismissed or resolved cases do not burden future prospects	Dismissed eviction proceedings expunged from housing databases after five years

Designed forgetting applies to records of persons. It does not apply to records of coercive authority.

II. The Separation of Powers

Four Institutional Separations

Issuers vs. Verifiers. The entity that issues a credential may not be the sole entity that can verify it. An employment credential issued by Platform A must be verifiable by Platform B, Auditor C, and Court D without requiring Platform A's cooperation. Monopoly over verification is monopoly over identity. Implementation: credential standards based on W3C Verifiable Credentials or equivalent, with resolution independent of the issuing platform.

Operators vs. Auditors. The entity that exercises coercive computational authority may not audit its own compliance. Independent auditors — publicly chartered or privately bonded, with access to receipt streams and the technical capacity to evaluate them — inspect operators the way financial auditors inspect banks: systematically, adversarially, with the power to compel disclosure. Auditor independence requirements mirror those of financial auditing: no commercial relationship with the audited entity, mandatory rotation, liability for negligent audit.

Rule-Makers vs. Adjudicators. The entity that sets the rules governing a coordination substrate may not adjudicate disputes arising under those rules. Standard-setting bodies draft the receipt format, portability requirements, and audit criteria. Arbitration bodies — independent, bonded, accountable to judicial review — adjudicate disputes. The separation prevents the rule-maker from interpreting its own rules in its own favor.

Credentialers vs. Identity Providers. The entity that attests to a person's performance is distinct from the entity that attests to a person's identity. A seller's reputation is credentialed by the transaction record. Her identity is attested by an identity provider. The two functions are separated at the protocol level to prevent any single entity from controlling both what a person can prove she did and who she can prove she is.

Institutional Blueprint: Payment Platform

How the separations work for a payment platform operating above the systemic-significance threshold:

┌─────────────────────────────────────────────────────────┐
│                    COURT SYSTEM                          │
│  Judicial review of Adjudicator decisions               │
│  Legislative override of Standard-Setting Body rules    │
│  Public accountability for Auditor charter              │
└────────────────────────┬────────────────────────────────┘
                         │
┌────────────┐   ┌──────┴───────┐   ┌──────────────────┐
│  STANDARD- │   │              │   │    INDEPENDENT    │
│  SETTING   │───│  ADJUDICATOR │   │     AUDITOR       │
│  BODY      │   │              │   │                   │
│            │   │ Reviews      │   │ Receives receipt  │
│ Defines:   │   │ individual   │   │ streams from      │
│ - Receipt  │   │ appeals.     │   │ Operator.         │
│   schema   │   │ Power to     │   │ Inspects for      │
│ - Porta-   │   │ reverse,     │   │ patterns,         │
│   bility   │   │ modify,      │   │ disparities,      │
│   standards│   │ award remedy.│   │ deficient receipts.│
│ - Audit    │   │ No commercial│   │ Publishes reports. │
│   criteria │   │ relationship │   │ Compels disclosure.│
│ - Propor-  │   │ with Operator│   │ Refers cases to   │
│   tionality│   │              │   │ Adjudicator.      │
└────────────┘   └──────────────┘   └─────────┬─────────┘
                                              │
                    ┌─────────────────────────┴──────────┐
                    │           OPERATOR                  │
                    │  (Payment Platform)                 │
                    │                                     │
                    │  Processes transactions.            │
                    │  Applies fraud-detection models.    │
                    │  Exercises coercive acts.           │
                    │  Issues receipt to affected person  │
                    │  + files copy with Auditor.         │
                    └─────────────────┬──────────────────┘
                                      │
                    ┌─────────────────┴──────────────────┐
                    │        AFFECTED PERSON              │
                    │                                     │
                    │  Receives receipt.                  │
                    │  May contest via Adjudicator.       │
                    │  May request audit referral.        │
                    │  May exercise fork rights.          │
                    └────────────────────────────────────┘

The Operator processes transactions, applies fraud-detection models, and exercises coercive acts (freezes, holds, restrictions). For every coercive act, it issues a receipt to the affected person and files a copy with the Auditor.

The Auditor receives receipt streams, inspects them for patterns of abuse, template justifications, proportionality violations, and demographic disparities. It publishes periodic reports. It compels disclosure of receipt metadata. It refers cases to the Adjudicator. It does not reverse individual decisions.

The Adjudicator reviews individual appeals. The affected person files a contestation. The Adjudicator evaluates the receipt against the rule invoked, the evidence cited, and the proportionality of the bounds. It has the power to reverse, modify, or uphold the action, and to award remedy including expedited release, compensation, and structural injunctions.

The Standard-Setting Body — a multi-stakeholder organization including platform representatives, civil-society organizations, technical experts, and affected-party advocates — defines the receipt schema, portability standards, audit criteria, and proportionality guidelines. It does not adjudicate. It publishes, reviews, and revises.

The Court System provides the backstop. Adjudicator decisions are subject to judicial review. Standard-Setting Body rules are subject to legislative override. Auditor charters are subject to public accountability. No element of the Constitutional Machine is beyond democratic contestation.

III. Implementation Pathway

Phase 1: Receipts and Appeal (Years 1–3)

Scope. Payment platforms, employment platforms, housing-eligibility systems, and critical-communications platforms above the systemic-significance threshold.

Requirements. Every coercive computational act produces a receipt with five fields. Every affected person has access to appeal with defined timelines and independent review. Provisional receipts permitted for emergency actions, with justification required within forty-eight hours.

Legislative mechanism. Modeled on existing consumer-protection frameworks:

TILA (Truth in Lending Act) model for financial disclosure requirements
FCRA (Fair Credit Reporting Act) model for adverse-action notice requirements
GDPR model for data-subject rights and penalty structures

Alternatively, regulatory mandate through existing agencies: CFPB for payments, FTC for platform practices, sectoral regulators for domain-specific applications. Early voluntary adoption creates compliance infrastructure and competitive pressure.

Institutional build.

Training and certification pipeline for independent arbiters
Receipt-schema standards through multi-stakeholder standard-setting process
Standardized verification software for receipt-adequacy evaluation
Verification-advocate roles analogous to public defenders — professionals who inspect receipts on behalf of affected parties lacking technical capacity

Phase 2: Portability and Fork Rights (Years 2–5)

Scope. All Phase 1 entities, plus social platforms, credential-issuing systems, and marketplace platforms above the threshold.

Requirements. Data portability in interoperable formats, including relational context. Portable credential standards. Protocol interoperability. Privacy-preserving mechanisms protecting counterparty data during export.

Legislative mechanism. Modeled on telecommunications portability:

Number portability → credential portability
Interconnection requirements → protocol interoperability mandates
Account-switching services → data-export standards with defined timelines

Credential-portability standards developed through industry consortia with regulatory backstop. Overlap with existing legislative proposals (ACCESS Act, Digital Markets Act) provides coalition surface.

Institutional build.

Independent audit bodies with technical capacity and legal authority
Portability standards through standard-setting organizations
Privacy-preserving export protocols (zero-knowledge proofs, differential privacy, secure multi-party computation)

Phase 3: Settlement and Audit Infrastructure (Years 3–10)

Scope. The settlement layer on which Phase 1 and Phase 2 commitments are registered.

Requirements. Receipt registries satisfying the editability constraint. Periodic independent audits with published reports and enforcement consequences.

Settlement-layer requirements calibrated by assurance level:

Assurance Level	Applications	Editability Requirement
High	Criminal-justice records, financial regulatory receipts, identity credentials	Thermodynamic grounding or equivalent: rewriting requires physical expenditure detectable by any participant
Medium	Payment-dispute receipts, employment-action receipts, housing-eligibility records	Multi-institutional architecture where no single actor, or plausibly coordinating bloc, can rewrite records without publicly detectable cost
Standard	Content-moderation receipts, marketplace dispute records, service-level records	Append-only logs with multi-party attestation and periodic anchor to higher-assurance layer

The constitutional question at each level: what would it cost to rewrite this record, and who would have to cooperate?

Institutional build.

Professional culture of computational auditing: standards, certification, liability for negligent audit, independence requirements
Cross-jurisdictional mutual recognition of audit findings
Settlement-layer interoperability standards allowing credentials and receipts to move between assurance tiers

IV. Coalition Map

Who Benefits Immediately

Small and medium business. Merchants whose livelihoods depend on platforms they do not control. The receipt regime makes the payment hold contestable. Fork rights make the platform replaceable. The potter whose ninety-day hold was disproportionate can fight it — and if the platform will not reform, she can leave without forfeiting her eight hundred reviews.

Gig workers and algorithmic labor. Drivers, delivery workers, freelancers subject to opaque ratings, undisclosed thresholds, uncontestable deactivation. The receipt converts algorithmic management from a black box into a contestable system. Coalition overlap with labor organizations is direct and immediate.

Civil liberties and privacy organizations. Civic asymmetry is their core commitment stated as constitutional architecture. The transparency direction aligns with existing advocacy for surveillance reform, data minimization, and algorithmic accountability.

Consumer finance reform. The receipt regime extends FCRA/TILA/ECOA to computational governance. Natural coalition with existing consumer-finance advocacy infrastructure.

Dissidents, journalists, and at-risk populations. Fork rights and settlement-layer integrity are existential for populations whose access to communication, payment, and identity can be severed by a state or platform.

Antitrust and interoperability advocates. Fork rights and portability standards directly advance interoperability-focused antitrust policy. Overlap with ACCESS Act and Digital Markets Act provisions.

Open-source and protocol-development communities. Open standards, interoperable implementations, and public standard-setting processes align with existing commitments.

National-security institutionalists. Auditability and receipt integrity serve institutional accountability interests. A receipt regime makes it harder for foreign platforms to operate opaquely within domestic markets. Settlement-layer integrity prevents adversaries from editing records undetectably.

Who Pays

Platforms above the significance threshold. Receipt requirements impose compliance costs. Portability reduces lock-in. Fork rights reduce switching costs. The cost is real. It is the cost of legitimacy.

Institutional build. Training arbiters, chartering auditors, developing standards requires investment. Funding: regulatory fees on operators, fines from deficient-receipt issuers, public investment in digital-governance infrastructure.

Who Fights

Lock-in-dependent platforms. Will argue portability compromises security, interoperability degrades quality, fork rights endanger privacy. Each contains a genuine concern wrapped in a structural defense of market position. Genuine concerns addressed in Phase 2 design. Structural defense overcome through legislative mandate.

Surveillance-advertising interests. Will argue targeted advertising funds the free internet. Response: the free internet is not free — its price is domination, invisible because the advertising model requires it to be.

State surveillance interests. Will argue national security. Response: civic asymmetry does not prohibit lawful surveillance under judicial oversight. It prohibits the inversion that makes every citizen visible to the state while the state's criteria remain invisible to the citizen.

The Three Wedge Lines

Three sentences that translate constitutional architecture into political grammar:

Receipts are consumer protection for the agent economy.
Portability is antitrust for the agent economy.
Designed forgetting is the civil rights act for the agent economy.

V. The Opponent Model

The Quiet Foreclosure is not an accident. It is a stable equilibrium maintained by four structural interests, each of which resists a corresponding constitutional commitment.

Interest	How It Profits	What Threatens It
Opacity	Decision criteria invisible to users → extraction without political response. The trust tax is invisible because visibility would invite competition.	Civic asymmetry — transparency obligations on authority
Lock-in	Non-portable data, credentials, reputation → retention through switching cost, not quality. Proprietary formats are not product features; they are structural barriers.	Fork rights — credible exit across four layers
Permanent memory	Comprehensive documented past as leverage over institutional future → risk pricing from decades-old data, employment screening from archived social media. The permanence is an asset.	Designed forgetting — temporal limits on personal records
Editable ledgers	The entity that controls the audit log can edit the audit log. Accountability is voluntary when the record-keeper can revise the record.	Thermodynamic grounding — editability constraint on settlement layer

These four interests — opacity, lock-in, permanent memory, editable ledgers — constitute the structural architecture of the Quiet Foreclosure. Each serves a constituency. Each generates revenue. Each is rationally defended by well-funded, politically organized entities. A constitutional orientation that does not name its opponents cannot defeat them.

VI. What This Is Not

Not crypto-libertarianism. The crypto-libertarian position holds that code is the only legitimate law and exit is the only legitimate remedy — that governance itself is the problem and sovereign individuals can coordinate without constitutional constraints. Computational republicanism argues the opposite: ungoverned coordination at machine speed is domination automated, because the party with the most compute, the most capital, and the most network effects will set the terms for everyone else, and "just fork" is not a constitutional guarantee when the fork costs more than the submission. The Protocol Republic requires institutions — auditors, arbiters, standard-setting bodies, appeal processes, verification advocates, professional cultures of impartiality — because constitutionalism is the technology for constraining power, and power does not constrain itself. Exit without voice is exile. Voice without exit is petition. The framework requires both, institutionally guaranteed.

Not techno-utopianism. A floor, not a ceiling. Magna Carta did not end tyranny. It specified what the governed could demand, in terms precise enough to argue over and durable enough to survive the arguing.

Not a party platform. Prior to any specific policy agenda. A social democrat and a market liberal can both operate within the constitutional floor, disagreeing about tax rates while agreeing that no computational authority exercises coercive power without a receipt.

VII. Open Questions

Constitutional documents that pretend completeness invite brittle implementation. The following questions are identified as requiring further development through multi-stakeholder deliberation:

Threshold calibration. What user count, transaction volume, or dependency ratio defines "systemic significance"? The answer is political, not technical, and different jurisdictions may set different thresholds.
Cross-jurisdictional enforcement. How are receipt and portability requirements enforced against entities operating across jurisdictions with different regulatory frameworks? Mutual recognition agreements, treaty-based coordination, and unilateral market-access conditions are candidate mechanisms.
Funding the institutional build. Who pays for arbiter training, auditor certification, standard-setting infrastructure, and verification advocates? Regulatory fees, penalty revenue, and public appropriation are candidate mechanisms, each with different political viability.
AI agent delegation chains (the hardest open problem). When an autonomous agent system exercises coercive authority on behalf of a delegating principal, and the agent was itself deployed by an intermediate service provider — who is the principal? The definition points to "the entity that set the objective," but complex delegation chains may require liability-allocation protocols that do not yet exist. This is the question most likely to break the framework if answered badly: a regime in which coercive authority can be laundered through delegation layers until no principal can be identified has recreated the very condition the architecture was designed to prevent. The concepts of "orphan commitments" and "the surviving principal" provide the analytical foundation, but the operational specification — who answers when the agent has terminated, the service provider has dissolved, and the objective was set by a committee that no longer exists — remains the framework's most urgent unresolved challenge.
Mercy calibration. What expiration periods, sealing conditions, and amnesty terms are appropriate for which domains? These are moral-political questions that require democratic deliberation, not technical specification.
Thermodynamic grounding at scale. If high-assurance settlement requires energy expenditure proportional to security, what is the acceptable energy cost for constitutional infrastructure? The question mirrors existing debates about the energy cost of military defense, judicial systems, and financial infrastructure.

This document operationalizes "Computational Republicanism: A Constitutional Orientation for the Agent Economy." Both documents together constitute the constitutional proposal. Neither is sufficient alone.

Trust was the price of ignorance; mercy is the price of omniscience.