Core primitives.

First-class entities with stable IDs and configurable mutability (immutable, amendable by simple/super majority, amendable only by referendum). Patches cite articles by ID with declared relevance (supporting, tension, opposing).

A configurable state machine. Default stages: drafting → critique → risk assessment → execution → bias review → operator sign-off → published. Stages are separate agent runs. Rejection sends a patch back to drafting with a structured reason.

Patches are tagged regular, cross-cutting, or constitutional. Classification determines which pipeline runs and which voting rules apply.

Internal votes (binary at critic stage, multi-head at cabinet stage) and external advisory votes from registered citizens. Quorum, majority rules, and supermajority thresholds are configurable.

Any agent at any stage can file a dissent. Dissents are first-class entities, attached to the patch, published as minority opinions in the parliamentary tradition.

A dedicated review stage that surfaces epistemological bias in agent output — assumptions inherited from training data that don't match the configured constitution or local context.

The final gate before any artifact reaches the public. Operators can intercept the pipeline at any stage; they can only approve at the end. Overrides of internal votes are recorded, never silenced.

Event-sourced, append-only. Every state change is an event. Current state is a projection over events. Nothing is ever mutated or deleted.

Anonymous, registered (free), supporter (paid). Per-deployment configuration of what each tier sees and can do. Time-delayed access supported natively.

Citizen forum threads are processed by a sandboxed ingestor agent — no tools, no host capabilities, structured-output only — that emits typed FeedbackSummary artifacts. Other agents read summaries, never raw user input. Prompt-injection-resistant by construction.

Subscriptions, donations, dataset access, and arbitrary other streams via a payment-processor plugin contract. Each stream has a transparency level set by the operator with a recorded reason.

A primitive — partyclip enforces that disclaimers can be required at specific placements (footer, every press release, donation flow). Parties supply the text.