The three-primitive architecture

Three atoms turn stateless AI
into a colleague.

Capabilities are signed, typed callable contracts — the only way our agent produces facts. Cases are durable working memory that persists across sessions and audit-logs every action. Goals are standing directives the agent pursues between your prompts.

Start free trial See it work
14-day free trial · No credit card required · Cryptographic receipts on every invocation
CapabilityThe HOW

Signed, typed, callable contracts.

capability
slug: compute-renewal-risk
kind: grounded_llm
signers: ⌃ Sarah, ⌃ Mark
CaseThe WHAT-IS-HAPPENING

Durable working memory, append-only event log.

case
type: Hire(Sarah Chen)
events: 7
status: in_progress
GoalThe WHY-AND-TOWARD-WHAT

Standing directive with success criteria.

goal
title: Hit Q3 ARR $4.5M
criteria: 2 of 3 met
horizon: quarter
The problem

Stateless AI breaks at three places.

ChatGPT Teams, Copilot, Glean, custom RAG — they all share the same shape: a chat box that takes a prompt, generates a paragraph, forgets when the tab closes. A colleague has memory, commitments, and doesn't make things up. The architecture has to deliver these by construction, not by prompt-engineering.

No memory of company state

Every conversation starts from zero. The agent doesn't know what's currently in flight, who owns what, what was decided last week.

No commitment to outcomes

The agent answers the immediate question. It has no concept of standing objectives. It cannot pursue work between prompts.

No structural prevention of hallucination

Even RAG-with-citations is the LLM reading prose and generating prose — the interpretation step is where freelancing happens.

Ctrl AI's answer: three atoms — Capability, Case, Goal. Skills, memory, direction. Everything an agentic company needs.

The three primitives

Skills. Memory. Direction.

Adding more primitives multiplies complexity without adding expressiveness. Three atoms cover the structural decomposition; a fourth would be a feature catalog, not a deeper architecture.

Capability

How do we do this?

Reproducible · atomic

One specific thing the AI is allowed to do — written like a job description: typed inputs, typed outputs, signed by a real person at your company.

Language
Verb (the action)
Management
SOP / runbook / signed function
See it run
Case

What is happening?

Multi-session · accumulating state

A structured object representing one in-flight decision — Hire #42, Loan #1234, Renewal Acme. Append-only event log doubles as the audit trail.

Language
Noun (the instance with state)
Management
Project / engagement / ticket
See it run
Goal

Why and toward what?

Bounded horizon · today → quarter+

A standing directive. The agent surfaces it on every relevant turn, fires triggers as the deadline approaches, links new Cases as they emerge.

Language
Predicate (intent toward future state)
Management
OKR / objective / sprint commitment
See it run
01 — Capability

The HOW — signed, typed, callable.

Every Capability has six parts. Inputs and outputs are typed. The implementation is one of five kinds. A real person at your company signs it. When something goes wrong, the named signer is the escalation path — not a vendor.

compute-renewal-riskgrounded_llm
Inputs
customerId: string
healthScore: number
Outputs
verdict: "watch" | "escalate" | "churn"
openRisks: string[]
Implementation
Constrained-LLM with tool_choice, response schema enforced
Post-conditions
verdict in {watch, escalate, churn}
openRisks.length >= 1
Rationale
Single source of customer-renewal risk. Inputs come from the CRM lookup; output drives the renewal-engagement Case.
Signers
Sarah+Markdual-signed (destructive)
/api/capabilities/compute-renewal-risk · invocation
Every successful invocation is signed and anchored to a tamper-evident transparency log. External parties verify offline.

Five implementation kinds

deterministic
Code in a sandbox. Math, threshold checks, lookups.
grounded_llm
LLM judgment locked to a typed schema. Post-conditions mandatory.
data_lookup
Pure retrieval via a connector. Salesforce, your CRM, your DB.
composed
Multi-step procedure chaining other Capabilities. Each step signed.
external_action
Side-effecting writes. Slack, email, CRM updates. Always gated.
02 — Case

The WHAT-IS-HAPPENING — durable working memory.

A Case is a structured object representing one in-flight decision: a hire, a deal, an escalation. Every Capability invocation that touches a Case appends a CaseEvent. The audit trail is not a sidecar — it falls out of the architecture.

Hire(Sarah Chen)in_progress
live state
NameSarah Chen
Start Date2026-06-01
TeamFinance
Email
Laptop Status
JIRA Account
Welcome Kit
projected from 0 events
Append-only event logDay 0 → Day 7
  1. Day 0createdagent
    Hire(Sarah Chen) · start 2026-06-01 · Finance
  2. Day 0invocationprovision_emailagent
    → schen@acme.com
  3. Day 0invocationorder_laptopagent
    laptop_status: ordered
  4. Day 1progress noteuser
    Signed offer letter.
  5. Day 4gate decisionprovision_jira destructiveagent
    destructive — gate fired, approver: ⌃ Sarah
  6. Day 4gate decisionuser
    approved
  7. Day 4invocationprovision_jiraagent
    JIRA account created
  8. Day 7invocationsend_welcome_kitagent
    kit dispatched · receipt #6184
Each event references a signed Capability receipt. Pick up the case in any session — the full provenance is there.
03 — Goal

The WHY — a standing directive the agent pursues.

A Goal commits to an outcome by a horizon. Success criteria are structured. Some carry an expression that auto-evaluates after every relevant Capability invocation — so the agent measures progress without you typing a thing.

ActiveQuarterCritical signed by ⌃ Sarah

Hit Q3 revenue target $4.5M ARR

Quarterly revenue commitment. Closes a mix of new logos and expansion. Due Sep 30, 2026.

Success criteria0/3 · 0%
Forecast coverage ≥ 80% of target ARR
autooutputs.forecastArr >= outputs.targetArr * 0.8
All Q3 expansion deals advanced past Discovery
CFO-signed pipeline review on file
Linked Capabilities · lookup-crm-pipeline-summary · summarize-renewal-risk
Auto-eval after every invocation

The natural hierarchy

Company DNA
open · always-on
Quarter goal
3 months
Sprint / week
1–4 weeks
Today
hours · days
Now / asap
this turn · ephemeral
Every Goal nests under another. Quarter goals decompose into sprint goals decompose into today goals — the agent surfaces the highest-leverage rung on every /ask.
Composition in /ask

Goals surface. Capabilities act. Cases remember.

User opens /ask. The prelude already knows what's in motion.

Sarahnotes

Your active goals:

  • Close Q3 books by April 5 · 3 days · 71% complete · 7 unmatched invoices
  • Onboard Mark Liu by April 12 · 8 days · 30% · laptop ordered, JIRA pending
  • Hit Q3 revenue target · 64 days · forecast 84% of target · 5 deals in pipeline

Highest-leverage right now: 5 of the 7 unmatched invoices fit our standard reconciliation pattern. I've drafted resolutions, awaiting your sign-off. Approving moves Q3-close from 71% → 90%. Want to walk through the 5 quick approvals first?

Under the hood (one /ask turn)
prelude active goals, in-flight cases, related capability slugs ranked
tool invoke_capability("reconcile-invoice", inputs, case_id)
· post-conditions checked · receipt signed · CaseEvent appended
auto-eval Goal criteria expressions evaluated; matched ones flip met
synthesis prose with [cap:reconcile-invoice#inv_84] citations · trust: verified
One minute later: a quarter-horizon Goal moved 19 percentage points without a single typed question.
The architectural commitment
"The LLM produces only prose narration. Every factual claim traces back to a typed Capability invocation, cited inline. The synthesis turn is rhetoric, not knowledge."

This is the rule that makes hallucination structurally hard rather than statistically less likely. Capabilities are the only source of fact. Every claim ships with its trust level visible.

Trust gradient — five honest answer modes
Verified
A Capability ran and post-conditions passed.
The answer is the typed output of the invocation.
Grounded
A signed narrative Capability quoted verbatim.
No paraphrase — the agent presents signed prose with attribution.
Partial
Some claims grounded, some narrative, some synthesis.
The answer marks each piece by where it came from.
Degraded
A Capability ran but a warn-level invariant tripped.
The signer is notified; the user sees a clear advisory marker.
Neural
No signed knowledge covers this — coverage gap flagged.
The agent proposes routing to the most likely owner and drafts a candidate Capability.
The agentic operating layer

/ask is just the simplest mode.

The same three primitives serve every shape of work — proactive agents, multi-step procedures, cross-department reasoning, the company as a typed API for other AI tools.

Mode B

Triggers

Capabilities fire on cron, events, thresholds, webhooks, and goal-state. Proactive agents that don't wait to be asked.

Mode C

Long-running cases

Multi-session decisions accumulating in a Case. Pick it up in any session — full provenance is there.

Mode D

Cross-system orchestration

External writes through external_action Capabilities — every destructive step pauses for human approval via Slack magic-link.

Mode E

Multi-agent

Department agents call each other through consult_agent. Multi-department reasoning, every step signed.

Mode F

Self-improvement

Coverage-gap signals propose new Capabilities. The catalog sharpens itself — daily.

Mode G

Company-as-MCP

Your verified, non-destructive Capabilities project as MCP tools. Claude Desktop, Cursor, Code — they all call your governed contracts.

Versus everything else

Stateful + directed + verified.

None of the four feature buckets is novel in isolation. The combination is the architecture.

ConcernChatGPT Teams / CopilotRAG / GleanCustom agent frameworksCtrl AI
Memory across sessions~Cases hold typed state + event log
Standing objectives between promptsGoals drive selection, triggers, prelude
Hallucination prevention~ RAG cites prose~ tools but no governanceCapabilities are the only fact source
Audit trailConversation history, brittleCitation refs, brittleLogsCryptographic receipts + Case events
What the AI is allowed to doImplicitImplicitTool list, unsignedFinite catalog of signed Capabilities
Action vs answerMostly answersAnswers onlyActs, no governanceActs on triggers · destructive ops gated
Pricing

Three primitives. Three plans.

Every plan ships Capabilities, Cases, and Goals. You pick the governance depth.

Starter

$12/ user / month

Solo founders + small teams getting their first 20 Capabilities signed.

  • Up to 50 signed Capabilities
  • Cases + Goals, full audit log
  • Public Trust Portal
  • Standard data connectors
  • Inference at pass-through cost (no provider account needed)
Start free trial
Most popular

Professional

$25/ user / month

Operating teams: Triggers, MCP server, BYOK, dual-signature.

  • Everything in Starter
  • Triggers (cron, threshold, webhook, goal-state)
  • Public MCP server endpoint
  • Dual-signature on destructive Capabilities
  • BYOK (Anthropic, OpenAI, Gemini)
  • Self-improvement aggregator
Start free trial

Enterprise

Customfrom $40 / user / month

Regulatory-grade. VPC, on-prem, sector compliance, dedicated CSM.

  • Everything in Professional
  • On-prem or VPC deployment
  • SOC 2 Type II · Basel III · sector-specific
  • Domain-level access control + data residency
  • Custom connector development
  • SLA + dedicated CSM
Contact sales
14-day free trial
No credit card required on any plan.
Annual plans save 20%
Commit to a year, pay 10 months.
Inactive seats billed at 20%
Members idle 90+ days drop automatically. Reactivate any time.
BYOK on Pro & Enterprise
Your Anthropic/OpenAI/Gemini key. Pay the provider directly.

All plans include AES-256-GCM encryption at rest, audit logging, and Ed25519-signed receipts anchored to a transparency log.

Frequently asked questions

Skills. Memory. Direction.

Sign your first Capability, open your first Case, commit to your first Goal — in a 30-minute trial.

Start free trial Book a demo

14-day free trial · No credit card required