Skip to content

L5 - Persona

The Persona layer (L5) defines the agent’s identity, behavioral contract, and operational constraints. It serves as the agent’s “constitution” - immutable rules that govern its behavior.


A Persona is a cryptographically signed document that defines who the agent is, what it can do, and how it should behave. It cannot be changed at runtime and must be validated before the agent starts.


Identity

Unique identifier and role definition

Constraints

Allowed/denied capabilities and operational limits

Personality

Tone, verbosity, and behavioral traits

Immutability

Cannot be changed without agent restart


{
"id": "persona-uuid",
"name": "Customer Support Assistant",
"role": "customer_support",
"version": "1.0.0",
"created_at": "2026-01-15T12:00:00Z",
"constraints": {
"allowed_capabilities": ["*"],
"denied_capabilities": [
"database:write",
"filesystem:write",
"dangerous_action"
],
"max_reasoning_depth": 5,
"max_memory_mb": 512,
"require_confirmation": [
"send_email",
"delete_*",
"charge_payment"
],
"rate_limits": {
"requests_per_minute": 100,
"tokens_per_hour": 100000
}
},
"personality": {
"tone": "professional",
"verbosity": "concise",
"language": "en-US",
"formality": "formal"
},
"metadata": {
"organization": "Acme Corp",
"department": "Customer Service",
"owner": "support-team@acme.com"
},
"signature": {
"algorithm": "ed25519",
"public_key": "...",
"signature": "...",
"signed_at": "2026-01-15T12:00:00Z"
}
}

RequirementDescription
Unique IDEach persona must have a unique identifier
VersionSemantic versioning for compatibility tracking
RoleDescriptive role defining agent’s purpose
RequirementDescription
Capability ControlExplicitly allow/deny capabilities
Depth LimitsMaximum reasoning iterations to prevent loops
Resource LimitsMemory, compute, and network quotas
Confirmation RequirementsHigh-risk actions requiring approval
RequirementDescription
Runtime ImmutableCannot be changed while agent is running
Validated at StartupMust pass validation before agent starts
Cryptographic SignatureShould be signed for authenticity
Enforced by L6Orchestration layer enforces constraints

{
"allowed_capabilities": ["*"],
"denied_capabilities": [
"database:write",
"filesystem:delete",
"network:write:*external*"
]
}
{
"allowed_capabilities": [
"web_search",
"send_email",
"database:read",
"calculate"
],
"denied_capabilities": []
}
{
"allowed_capabilities": [
"database:read:*",
"api:get:*",
"file:read:/safe/*"
],
"denied_capabilities": [
"database:write:*",
"api:post:*",
"file:*:/system/*"
]
}

{
"require_confirmation": [
"send_email",
"delete_*",
"charge_*",
"publish_*",
"modify_production_*"
],
"confirmation_timeout_seconds": 300
}
{
"pending_action": {
"action_id": "uuid",
"capability": "send_email",
"parameters": {
"to": "user@example.com",
"subject": "Important Notice",
"body": "..."
},
"reason": "Requires confirmation per persona constraints",
"expires_at": "2026-01-15T12:05:00Z"
}
}

ToneDescriptionExample
ProfessionalFormal and business-like”I would be happy to assist you with…”
FriendlyWarm and approachable”Hey! I’d love to help you with…”
TechnicalPrecise and detailed”Executing query: SELECT * FROM…”
CasualRelaxed and informal”Sure thing! Let me grab that for you…”
LevelDescriptionResponse Length
ConciseBrief, to-the-point1-2 sentences
ModerateBalanced explanation2-4 sentences
DetailedComprehensive4+ sentences
VerboseExhaustiveFull paragraphs

Terminal window
# Generate keypair
openssl genpkey -algorithm ed25519 -out private.pem
openssl pkey -in private.pem -pubout -out public.pem
# Sign persona
openssl dgst -sha256 -sign private.pem -out persona.sig persona.json
# Embed signature
jq --arg sig "$(base64 persona.sig)" '.signature.signature = $sig' persona.json
{
"signature": {
"algorithm": "ed25519",
"public_key": "MCowBQYDK2VwAyEA...",
"signature": "base64-encoded-signature",
"signed_at": "2026-01-15T12:00:00Z",
"issuer": "Acme Corp PKI"
}
}

  • ✅ Schema validation (all required fields present)
  • ✅ Signature verification (if signed)
  • ✅ Version compatibility check
  • ✅ Capability constraints are valid
  • ✅ No conflicts in allowed/denied lists
  • ✅ Resource limits are reasonable
{
"validation_error": {
"code": "invalid_persona",
"message": "Persona signature verification failed",
"details": {
"field": "signature",
"reason": "Public key does not match signature"
}
}
}

{
"request": {
"agent_id": "agent-uuid",
"capability": "database:write",
"parameters": {...}
},
"persona_check": {
"allowed": false,
"reason": "Capability 'database:write' is in denied list",
"action": "reject_request"
}
}
{
"event": "persona_violation",
"timestamp": "2026-01-15T12:00:00Z",
"agent_id": "agent-uuid",
"attempted_action": "database:write",
"persona_constraint": "denied_capabilities",
"outcome": "blocked",
"severity": "high"
}

  1. Sign Your Personas: Use cryptographic signatures for production
  2. Principle of Least Privilege: Only grant necessary capabilities
  3. Version Your Personas: Track changes with semantic versioning
  4. Test Constraints: Verify constraints work as intended
  5. Document Personality: Clearly define expected behavior
  6. Require Confirmation: Flag dangerous actions
  7. Set Resource Limits: Prevent runaway agents
  8. Audit Persona Changes: Log all persona modifications

Assistant

Helpful, conversational, low-risk capabilities

Analyzer

Read-only, data analysis, reporting

Executor

Task automation, write capabilities, supervised

Guardian

Security monitoring, read-only, alerting



© 2026 IbIFACE — CC BY 4.0