MCP Boundary Protocol · arifOS Observatory

What the MCP Boundary Is

The MCP (Model Context Protocol) Boundary is the transport membrane between the arifOS Governance Kernel and the domain organs (GEOX, WEALTH, WELL). It is not a trust boundary — it is a capability contract.

The boundary enforces: tool discovery, capability negotiation, schema validation, and constitutional floor compliance before any tool call is dispatched to a domain organ.

Authority flows DOWN Evidence flows UP

Federation Membrane Stack

APEX

Human Sovereign

Final veto. F13 Sovereign Floor. Constitutional witness.

↓

arifOS

Governance Kernel

13-floor constitutional engine. 888_JUDGE. ΔΩΨ trinity.

↓

MCP-BOUNDARY

Transport Membrane

Schema validation. Tool discovery. Capability negotiation.

↓

Organs

Domain Intelligence

GEOX · WEALTH · WELL · AAA · A-FORGE · Wiki

↑

Substrate

Persistence

Postgres · Redis · Qdrant · NATS · Ollama

Boundary Rules

No tool call crosses the membrane without a verdict. Every tool call must pass through 888_JUDGE before execution. The domain organ does not judge — it only executes.
Schema validation is a floor gate. If the tool request schema does not match the organ's declared capability surface, the boundary returns VOID before the organ is ever called.
The boundary is not a firewall. It does not block by IP, token, or geography. It validates constitutional compliance — F2 (Truth), F6 (Empathy), F11 (Audit).
Cross-organ calls require gateway routing. GEOX cannot call WEALTH directly. All cross-organ traffic goes through arifOS gateway with 888_JUDGE review.
Evidence stays in the organ. Raw well logs, seismic data, and financial records never leave the domain organ. Only derived artifacts (interpretations, metrics, verdicts) cross the membrane.

MCP Endpoints

arifOS MCP

https://mcp.arif-fazil.com/mcp · 13 tools · port 8080

GEOX MCP

https://geox.arif-fazil.com/mcp · 22 tools · port 8081 · Physics-9 enforced

WEALTH MCP

https://wealth.arif-fazil.com/mcp · 17 tools · port 8082 · Sovereign capital only

WELL MCP

https://well.arif-fazil.com/mcp · 15 tools · port 8083 · REFLECT_ONLY mode

A-FORGE MCP

https://forge.arif-fazil.com/mcp · port 7071 · Agent engine loop

Transport Protocol

All organs use streamable-http MCP transport. This means:

Connections are persistent within a session but stateless across sessions
Tool calls are JSON-RPC 2.0 over HTTPS
Session IDs are obtained via mcp-session-id response header from the initialize handshake
Server-sent events (SSE) are used for streaming responses

The boundary validates the JSON-RPC payload structure before forwarding. Malformed requests are rejected at the membrane.

Physics-9 Enforcement (GEOX)

GEOX is the only organ with additional physics constraints — Physics-9 boundary limits on depth, pressure, temperature, and material properties. These are not policy — they are physical invariants derived from first principles.

Claims that violate Physics-9 are flagged as PHYSICS_BOUNDARY_VIOLATION and cannot pass through the GEOX membrane regardless of constitutional verdict.

Constitutional Floor Compliance at the Membrane

F1 Amanah

Agent must have a valid session_id + actor_id. Anonymous requests are rejected.

F2 Truth

Evidence receipts required for all observational claims. No assertion without source.

F6 Empathy

Human impact assessment required for any action affecting Arif or third parties.

F11 Command

Sovereign override required for irreversible domain actions. Boundary gates this explicitly.

F13 Sovereign

Arif's veto is absolute. No membrane bypass exists.