Framework design upload

examples/failure-handling.md

@@ -0,0 +1,8 @@
+# Failure handling (draft)
+
+## Hallucination / unsafe tool request
+- Worker proposes a risky action
+- Policy engine denies capability grant
+- Runtime returns a refusal or asks for confirmation per policy
+- Provenance logs the denial event
+

examples/minimal-flow.md

@@ -0,0 +1,11 @@
+# Minimal flow (draft)
+
+1. Client submits an `Intent` with `Constraints`.
+2. Runtime creates/uses a `domain_id`.
+3. Runtime invokes a worker to draft output.
+4. If tools are needed:
+   - runtime requests a capability from cognitive kernel
+   - tool runs in isolated domain with scoped authority
+5. Runtime synthesizes final `Result` with provenance links.
+6. Optional: memory commit is gated by policy and logged.
+

examples/tool-invocation.md

@@ -0,0 +1,12 @@
+# Tool invocation (draft)
+
+## Scenario
+User asks for DNS lookup.
+
+## Flow
+- Intent: "resolve A/AAAA for example.com"
+- Constraints: no network egress beyond DNS, low risk, small budget
+- Tool broker requests cap for `dns_lookup` tool
+- Tool runner executes with only required network access
+- Output is validated, logged as an Event, and returned
+