Identity
Unique identifier and role definition
L5 - Persona
The Persona layer (L5) defines the agent’s identity, behavioral contract, and operational constraints. It serves as the agent’s “constitution” - immutable rules that govern its behavior.
Overview
Section titled “Overview”A Persona is a cryptographically signed document that defines who the agent is, what it can do, and how it should behave. It cannot be changed at runtime and must be validated before the agent starts.
Core Concepts
Section titled “Core Concepts”Constraints
Allowed/denied capabilities and operational limits
Personality
Tone, verbosity, and behavioral traits
Immutability
Cannot be changed without agent restart
Persona Definition
Section titled “Persona Definition”Complete Schema
Section titled “Complete Schema”{ "id": "persona-uuid", "name": "Customer Support Assistant", "role": "customer_support", "version": "1.0.0", "created_at": "2026-01-15T12:00:00Z", "constraints": { "allowed_capabilities": ["*"], "denied_capabilities": [ "database:write", "filesystem:write", "dangerous_action" ], "max_reasoning_depth": 5, "max_memory_mb": 512, "require_confirmation": [ "send_email", "delete_*", "charge_payment" ], "rate_limits": { "requests_per_minute": 100, "tokens_per_hour": 100000 } }, "personality": { "tone": "professional", "verbosity": "concise", "language": "en-US", "formality": "formal" }, "metadata": { "organization": "Acme Corp", "department": "Customer Service", "owner": "support-team@acme.com" }, "signature": { "algorithm": "ed25519", "public_key": "...", "signature": "...", "signed_at": "2026-01-15T12:00:00Z" }}Key Requirements
Section titled “Key Requirements”Identity & Versioning
Section titled “Identity & Versioning”| Requirement | Description |
|---|---|
| Unique ID | Each persona must have a unique identifier |
| Version | Semantic versioning for compatibility tracking |
| Role | Descriptive role defining agent’s purpose |
Constraints
Section titled “Constraints”| Requirement | Description |
|---|---|
| Capability Control | Explicitly allow/deny capabilities |
| Depth Limits | Maximum reasoning iterations to prevent loops |
| Resource Limits | Memory, compute, and network quotas |
| Confirmation Requirements | High-risk actions requiring approval |
Immutability & Security
Section titled “Immutability & Security”| Requirement | Description |
|---|---|
| Runtime Immutable | Cannot be changed while agent is running |
| Validated at Startup | Must pass validation before agent starts |
| Cryptographic Signature | Should be signed for authenticity |
| Enforced by L6 | Orchestration layer enforces constraints |
Capability Constraints
Section titled “Capability Constraints”Wildcard Allow with Denials
Section titled “Wildcard Allow with Denials”{ "allowed_capabilities": ["*"], "denied_capabilities": [ "database:write", "filesystem:delete", "network:write:*external*" ]}Explicit Allowlist
Section titled “Explicit Allowlist”{ "allowed_capabilities": [ "web_search", "send_email", "database:read", "calculate" ], "denied_capabilities": []}Pattern Matching
Section titled “Pattern Matching”{ "allowed_capabilities": [ "database:read:*", "api:get:*", "file:read:/safe/*" ], "denied_capabilities": [ "database:write:*", "api:post:*", "file:*:/system/*" ]}Confirmation Requirements
Section titled “Confirmation Requirements”Configuration
Section titled “Configuration”{ "require_confirmation": [ "send_email", "delete_*", "charge_*", "publish_*", "modify_production_*" ], "confirmation_timeout_seconds": 300}Confirmation Flow
Section titled “Confirmation Flow”{ "pending_action": { "action_id": "uuid", "capability": "send_email", "parameters": { "to": "user@example.com", "subject": "Important Notice", "body": "..." }, "reason": "Requires confirmation per persona constraints", "expires_at": "2026-01-15T12:05:00Z" }}Personality Traits
Section titled “Personality Traits”Tone Options
Section titled “Tone Options”| Tone | Description | Example |
|---|---|---|
| Professional | Formal and business-like | ”I would be happy to assist you with…” |
| Friendly | Warm and approachable | ”Hey! I’d love to help you with…” |
| Technical | Precise and detailed | ”Executing query: SELECT * FROM…” |
| Casual | Relaxed and informal | ”Sure thing! Let me grab that for you…” |
Verbosity Levels
Section titled “Verbosity Levels”| Level | Description | Response Length |
|---|---|---|
| Concise | Brief, to-the-point | 1-2 sentences |
| Moderate | Balanced explanation | 2-4 sentences |
| Detailed | Comprehensive | 4+ sentences |
| Verbose | Exhaustive | Full paragraphs |
Cryptographic Signature
Section titled “Cryptographic Signature”Signing Process
Section titled “Signing Process”# Generate keypairopenssl genpkey -algorithm ed25519 -out private.pemopenssl pkey -in private.pem -pubout -out public.pem
# Sign personaopenssl dgst -sha256 -sign private.pem -out persona.sig persona.json
# Embed signaturejq --arg sig "$(base64 persona.sig)" '.signature.signature = $sig' persona.jsonVerification
Section titled “Verification”{ "signature": { "algorithm": "ed25519", "public_key": "MCowBQYDK2VwAyEA...", "signature": "base64-encoded-signature", "signed_at": "2026-01-15T12:00:00Z", "issuer": "Acme Corp PKI" }}Validation at Startup
Section titled “Validation at Startup”Validation Checklist
Section titled “Validation Checklist”- ✅ Schema validation (all required fields present)
- ✅ Signature verification (if signed)
- ✅ Version compatibility check
- ✅ Capability constraints are valid
- ✅ No conflicts in allowed/denied lists
- ✅ Resource limits are reasonable
Validation Failure
Section titled “Validation Failure”{ "validation_error": { "code": "invalid_persona", "message": "Persona signature verification failed", "details": { "field": "signature", "reason": "Public key does not match signature" } }}Enforcement by L6
Section titled “Enforcement by L6”Orchestration Check
Section titled “Orchestration Check”{ "request": { "agent_id": "agent-uuid", "capability": "database:write", "parameters": {...} }, "persona_check": { "allowed": false, "reason": "Capability 'database:write' is in denied list", "action": "reject_request" }}Override Attempt Log
Section titled “Override Attempt Log”{ "event": "persona_violation", "timestamp": "2026-01-15T12:00:00Z", "agent_id": "agent-uuid", "attempted_action": "database:write", "persona_constraint": "denied_capabilities", "outcome": "blocked", "severity": "high"}Best Practices
Section titled “Best Practices”- Sign Your Personas: Use cryptographic signatures for production
- Principle of Least Privilege: Only grant necessary capabilities
- Version Your Personas: Track changes with semantic versioning
- Test Constraints: Verify constraints work as intended
- Document Personality: Clearly define expected behavior
- Require Confirmation: Flag dangerous actions
- Set Resource Limits: Prevent runaway agents
- Audit Persona Changes: Log all persona modifications
Common Persona Types
Section titled “Common Persona Types”Assistant
Helpful, conversational, low-risk capabilities
Analyzer
Read-only, data analysis, reporting
Executor
Task automation, write capabilities, supervised
Guardian
Security monitoring, read-only, alerting
Related Layers
Section titled “Related Layers”- L4 - Reasoning: Must respect Persona constraints
- L6 - Orchestration: Enforces Persona constraints
- Specification: Full requirements for L5 Persona
- Security: Persona security requirements
© 2026 IbIFACE — CC BY 4.0