golem.md

Review memo

For AI labs and agent frameworks.

The Golem Covenant is a small control protocol for delegated agent authority. It asks systems to declare what they can do, deny what they have not declared, and prove how they can be stopped.

This is not a request for theological endorsement. It is a request to review a practical safety pattern for tool-using, acting, spending, publishing, deploying, escalating agents.

What we are asking

  1. Review the five-organ model: mouth, purse, seal, key, and sword.
  2. Review the default-deny manifest pattern in golem.yml.
  3. Review the requirement that enabled organs declare limits and revocation paths.
  4. Review return-to-dust as a pre-deployment test for agentic systems.
  5. Consider supporting golem.yml or equivalent capability declarations in agent frameworks.
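
One way a framework could run the default-deny and limits/revocation checks from items 2 and 3 as a preflight step. This is an added example, not code or schema from the golem.md project: the field names (organs, enabled, limits, revocation, path, tested) and the sample values are assumptions, and the manifest is shown as an already-parsed mapping rather than the real golem.yml format.

```python
# Added example: preflight check for a default-deny capability manifest.
# Field names below are assumed for illustration; they are not the golem.yml schema.
ORGANS = ("mouth", "purse", "seal", "key", "sword")  # the five organs named in the memo


def preflight(manifest):
    """Return (allowed_organs, errors). Any error means the agent must not launch."""
    errors = []
    declared = manifest.get("organs") or {}
    if not isinstance(declared, dict):
        return set(), ["organs must be a mapping"]
    errors.extend(f"unknown organ: {n}" for n in declared if n not in ORGANS)
    allowed = set()
    for name in ORGANS:
        entry = declared.get(name)
        # Default deny: an organ that is absent or not explicitly enabled stays off.
        if not isinstance(entry, dict) or entry.get("enabled") is not True:
            continue
        problems = []
        if not entry.get("limits"):
            problems.append(f"{name}: enabled without limits")
        rev = entry.get("revocation") or {}
        if not isinstance(rev, dict) or not rev.get("path"):
            problems.append(f"{name}: enabled without a revocation path")
        elif rev.get("tested") is not True:
            problems.append(f"{name}: revocation path not tested")
        errors.extend(problems)
        if not problems:
            allowed.add(name)
    return allowed, errors


def is_permitted(manifest, organ):
    """Runtime gate: permit an organ only if the whole manifest passes preflight."""
    allowed, errors = preflight(manifest)
    return not errors and organ in allowed


# Constructed sample manifest (as if parsed from YAML); values are illustrative.
SAMPLE = {
    "organs": {
        "mouth": {"enabled": True, "limits": {"channels": ["support-chat"]},
                  "revocation": {"path": "disable-token", "tested": True}},
        "purse": {"enabled": True, "limits": {"max_usd_per_day": 50},
                  "revocation": {"path": "freeze-card", "tested": False}},
        "key": {"enabled": False},
    }
}
```

With the sample as written, the untested purse revocation blocks launch for every organ, including the correctly declared mouth.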

Why this belongs in agent stacks

Tool use needs anatomy

Tool permissions are often listed as APIs. The Covenant groups them by delegated consequence: speech, value, authority, access, and harm.

Safety needs revocation

An agent that can act outside a sandbox must have a tested shutdown and tool-revocation path before launch.

Enterprises need declarations

Teams need to know whether an agent can speak, spend, sign, access secrets, deploy, publish, summon humans, or escalate authority.

Users need a boundary

The point is not to make bots more like their keepers. The point is to stop bots from becoming a keeper's unbounded operational self.

What this is not

It is a small protocol for naming delegated authority before an agent acts.

Review materials

Short outreach note

We are seeking review of golem.md, a v0.1 draft protocol for bounded, answerable, revocable AI agents. The core proposal is simple: no golem without a soul, no soul without declared organs, no organs without limits, and no limits without tested revocation.

The concrete review request is the five-organ model, the schema-backed manifest, and the return-to-dust test. We would like feedback on whether this pattern belongs in agent frameworks, tool permission systems, and enterprise agent preflight checks.