This policy defines how /exo/kernel may change.
Kernel is only:
- governance enforcement
- side-effect gating
- ticket/lock temporal authority
- immutable audit and receipts
Anything else belongs outside kernel.
Kernel changes are human-only and out-of-band.
Forbidden through Exo governed flows:
- proposal-driven kernel edits
- ticket-based kernel edits
- autonomous kernel patching by agents
Kernel version is semantic: exo-kernel MAJOR.MINOR.PATCH.
Kernel version must be embedded in:
- governance lock metadata
- every audit event
- every receipt
Past decisions and receipts never change meaning. Old records remain interpreted under the kernel version that created them.
- PATCH: refactor/perf/logging only, same semantics.
- MINOR: additive, opt-in behavior only.
- MAJOR: semantic changes; requires explicit migration and frozen legacy receipts.
Kernel must never include:
- planning
- memory retrieval
- LLM calls
- goal selection
- self-evolution logic
If a problem is solvable in governance or stdlib, do not change kernel.