# Architecture overview

Cognition OS is layered:

## Layer 0: Classic kernel
FreeBSD / Linux provides:
- process isolation
- memory protection
- basic resource controls
- device drivers
- confinement primitives (jails/namespaces)
- security primitives (Capsicum / seccomp+LSM)

## Layer 0.5: Cognitive kernel (control plane)
A minimal trusted base that provides:
- identity + provenance hooks
- capability minting and enforcement boundaries
- budget enforcement hooks (time/compute/context/risk)
- isolation domain management
- event bus for intent + constraints

This can begin as a userland daemon, later optionally gaining kernel hooks.

## Layer 1: Cognitive runtime (userland++)
Composable services:
- scheduler/router
- context manager
- memory services (working/episodic/semantic/symbolic)
- tool broker (sandboxed execution)
- policy engine (deterministic)

## Layer 2: Workers
Replaceable modules:
- LLM inference worker(s)
- retrieval workers
- verification workers
- perception workers (future)

## Invariants
- models do not directly invoke tools
- tool execution requires explicit capabilities
- provenance is produced for every side effect