The Stake Was Governance Outside the Schema. MICA v0.1.5 Pulled It In
v0.1.0 through v0.1.4 made the schema more implementable. v0.1.5 was the first version to ask a different question — what if governance itself belongs inside the schema? Here is what that looked like, and what it still could not do.
Series
MICA SeriesPart 3 of 3
Glossary: terms used in this article
🔸 MICA (Memory Invocation & Context Archive): A governance schema for AI context management. Defines how context should be structured, trusted, scored, and handed off across sessions.
🔸 Provenance Registry: A structured, hash-anchored record of where each context item came from. Requires
uri, sha256, kind, created_at, and trust_class. Formalized as a required field in v0.1.5.🔸 Deviation Log: An auditable record of every change to a governed archive. Each entry requires
before_hash, after_hash, gate, approved_by, and rollback_ready. Formalized in v0.1.5.🔸 Semantic Validation Policy: A machine-evaluable rule set applied to context items. Each rule requires
id, expression, severity, and on_fail. Replaces string invariants in v0.1.5.🔸 Semantic Collapse: The pattern in which a JSON Schema specification is applied to an LLM as a runtime contract rather than as a validator. The LLM executes the schema semantically and produces a contract-compliant artifact. First demonstrated in v0.1.4.
🔸 Invocation: The mechanism by which a MICA archive reaches an AI session. Still absent at v0.1.5. Formalized as a required field in v0.1.8.
1. Where Part 2 Left Off
Part 2 documented three failures in v0.0.1: scoring with no defined semantics, invariants encoded as comments rather than constraints, and no path for the archive to reach the model at all.
The first two were fixable by adding structure. The third was different in kind — a schema without an enforcement path is not a governance schema at all.
This part covers v0.1.0 through v0.1.5. What the intermediate versions fixed. What experiment revealed the need for v0.1.5. And what was still missing at the end of it.
2. The Stake Nobody Pulled
There is an old story about elephants. A young elephant chained to a small stake learns it cannot move. Years later, fully grown, it still does not pull — not because the stake holds, but because the boundary became an unquestioned assumption.
In practice, what I kept seeing across LLM tooling discussions was exactly that. Technical provenance tracked inside the system, governance detail left in documents. Who approved a change, under what conditions, with what rationale — always a README, a review checklist, a comment. Never the schema. Semantic rules written as strings, described in documentation, reviewed by humans. Everyone knew the constraint. Nobody encoded it.
The stake was real. It was not immovable.
v0.1.0 through v0.1.4 did not question it.
The stake was a single assumption: governance lived outside the schema.
3. v0.1.0 to v0.1.4: More Implementable, Not Yet Inspectable
These versions addressed the first two failures from v0.0.1. In brief:
- v0.1.0: Scoring became implementable — hardcoded hints replaced with an explicit weighted formula:
clamp01(0.55 * sim + 0.15 * recency + 0.10 * invoke + 0.10 * trust + 0.10 * continuity). Two implementations now produce the same number for the same inputs.
- v0.1.0:
invoke_rolesemantics defined — each role got explicit score bonus, pin behavior, compile behavior, and eviction priority.
- v0.1.0: Eviction became a five-phase strategy — budget overflow had a defined sequence and a failure condition.
- v0.1.0: Error handling defined — eight failure modes, each with an explicit action and severity.
- v0.1.4: Description updated to include
"semantic enforcement"— required field count unchanged. The label was ahead of the implementation.
These versions made the schema reproducible to implement. They did not make governance inspectable.
design_invariants remained a plain string array. scoring_policy.function remained a free string in the JSON Schema. provenance_registry did not exist. The assumption from Section 2 was still in place.4. The Experiment That Revealed the Gap
In March 2026, a semantic collapse experiment was run against v0.1.4. The procedure was direct: provide the schema and session context to an LLM, instruct it to execute the schema semantically, and verify the output against all required fields.
The result was a fully contract-compliant artifact. Zero field violations. Zero type constraint violations. The scoring pipeline ran. The eviction log was correct. The audit trail was structurally preserved. The schema worked — as a semantic contract against an LLM runtime.
But the artifact also contained this:
"collected_at": "UNKNOWN". Every memory-tier item in the artifact carried this. The timestamp was not available. The schema had no mechanism to require it. The provenance claim could not be verified — not because the data was missing, but because the schema had no structure to anchor it.The experiment proved the schema was executable. It also proved that a contract-compliant archive could contain provenance that was structurally present but epistemically empty.
The same experiment revealed two more gaps. Design invariants were strings — the LLM read them, interpreted them, and applied them as best it could. But there was no
id to reference in audit output, no severity to determine handling, no on_fail to define consequence. And every change to the archive between sessions had no record. No before_hash. No approved_by. No rollback_ready. The archive changed silently.The semantic collapse experiment proved the schema was implementable. It also produced a precise map of what governance was still missing.
That map became v0.1.5.
5. The Question v0.1.5 Asked
v0.1.5 did not ask "what else should we add?"
It asked: what if governance itself belongs inside the schema?
Not as a description of what enforcement should look like. As a machine-evaluable structure that enforces it.
MICA v0.1.0 through v0.1.4 had followed the same pattern common in practice — governance detail kept implicit, schema focused on structure and scoring. The experiment made the cost of that pattern visible. v0.1.5 pulled three assumptions out of documentation and forced them into machine-readable structure.
6. What v0.1.5 Pulled In
Stake 1: Provenance was a field. v0.1.5 made it a registry.
The experiment artifact had
"collected_at": "UNKNOWN" on every memory item. Before v0.1.5, there was no mechanism to prevent that — or detect it.v0.1.5 introduced
provenance_registry as a required top-level structure. Each record:sha256 anchored the source to a specific state. trust_class declared reliability at registration — not inferred at use. created_at was now required — not optional, not "UNKNOWN". A context item's provenance claim could now be checked against the registry. If the hash did not match, the claim was false.Provenance had been a field on a document. v0.1.5 made it a verifiable record.
Stake 2: Changes happened. v0.1.5 made them auditable.
Between sessions, the archive changed. There was no record of what changed, when, under whose authority, or whether it could be undone.
v0.1.5 introduced
deviation_log as a required field. Each entry:before_hash and after_hash meant every change left a cryptographic record. gate associated the change with a defined governance checkpoint. approved_by declared authority explicitly. rollback_ready required the system to declare whether it could undo the change before committing it.Change history had been implicit. v0.1.5 made it a required audit trail.
Stake 3: Invariants were strings. v0.1.5 made them rules.
The experiment applied string invariants as best as the model could interpret them. There was no
id to reference in audit output, no severity to triage violations, no on_fail to define consequence.v0.1.5 introduced
semantic_validation_policy with structured rules:Each rule had an
id — referenceable in audit output. Each had a severity — determining how a violation was handled. Each had an on_fail — defining the consequence. A violation could now be detected, logged, and traced.
String invariants described what the system must not do. Semantic rules could detect when it did.
7. What v0.1.5 Still Did Not Have
Two things remained missing.
Scoring was still a free string at the schema level.
scoring_policy.function was still { "type": "string" } in the JSON Schema. The weighted formula from v0.1.0 was a specified convention — implementors who followed it produced the same number. But the schema could not enforce that they did. A conforming archive could contain any string in that field. The formula was real. The contract was not.The archive still had no path to the model.
invocation_protocol did not exist in v0.1.5. The provenance registry was hash-anchored. The deviation log was auditable. The semantic rules were machine-evaluable. A session could start with a perfectly governed archive — verified, logged, ruled — and the model would begin work with no instruction to locate it.The governance was visible. It was not yet operative.
8. What This Series Covers Next
Part 1 defined the problem.
Part 2 documented v0.0.1 — what it was and why its most fundamental failure took the longest to fix.
This part covered v0.1.0 through v0.1.5: how the schema became implementable, then auditable, and what it still could not do.
Part 4 covers v0.1.7 and v0.1.8: the fail-closed gate, the provenance enforcement boundary, and the version that finally made invocation a required field — the stake that had been in the ground since v0.0.1.
The series continues only where there is something concrete to specify, test, or correct.
MICA is part of the Flamehaven governance-first AI systems practice. Schema, technical report, and production instance: flamehaven.space. Open-source tooling: AI-SLOP-Detector. All schema references follow the v0.1.8.1 Universal standard unless a specific earlier version is named.
Share
Continue the series
View all in seriesPrevious in MICA Series
The Schema Existed. The Model Had No Way to Know.
Series continuation
This is currently the latest published entry.