§01 · Frame

The compile-and-execute model

Three timescales — compile, execute, audit — and the architectural commitments that follow.
Reads before: §02 ROE → MissionArtifact
Key claim: Lincoln is a compiler-and-runtime for command intent. Human judgment lives at compile time; execution is deterministic; the audit chain is the trace.

Lincoln is a compile-and-execute path for command intent. The mission artifact is the compiled binary. The policy engine is the runtime. The audit chain is the debug trace. Language models are used at compile time and at explain time. This document names the three timescales and the commitments they entail.

§1 Three timescales

Lincoln separates compile, execute, and audit into three distinct phases.

| | COMPILE TIME (minutes — hours, off-line) | EXECUTE TIME (microseconds — milliseconds) | AUDIT TIME (post-mission, on-demand) |
|---|---|---|---|
| Inputs | ROE prose, OPORD, brief photo, annexes. | Track events, autonomy proposals, comms state. | Hash-linked audit log, signed mission artifact. |
| Who | Commander + staff, with time to think. | Runtime + policy engine, no human in the path. | JAG, IG, after-action, higher echelon review. |
| Tools | LLM-assisted parser, allowlist gate, operator validation, Ed25519 signature. | Hard-block predicates, 4-D scoring formula, timeout-to-BLOCK, Ed25519 audit append. | verifyChain() recompute, paragraph-ref lookup, post-hoc narration (LLM, separate signed chain). |
| Output | Signed MissionArtifact. | Decision + signed entry. | Provable decision trace. |
Figure 1. Three timescales, three sets of tools, three sets of accountable actors. The signed MissionArtifact is the only artifact that crosses the compile→execute seam; the audit chain is the only artifact that crosses the execute→audit seam.

§2 The separation in practice

DoDD 3000.09 requires an “appropriate level of human judgment over the use of force.” The directive specifies that human judgment exist at an appropriate point in the system's design and operation. Lincoln places that point at compile time.

At compile time, the commander has time to think, staff support, access to the full operational picture, and the authority their position confers. The mission artifact captures that judgment cryptographically. At execute time, the runtime enforces what the artifact authorizes; the operator retains exception authority and the commander retains override authority. The audit chain links each decision back to the signed authorization.

On per-engagement approval: Per-engagement human approval shifts what executes from what the commander authorized to what the operator interpreted from what the commander authorized, often under stress and with partial information. Lincoln captures commander authority cryptographically at compile time and enforces it deterministically at execute time. The judgment is human; the enforcement is machine; the accountability is cryptographic.

§3 The compiler analogy

The compiler frame maps onto Lincoln's components directly:

| Compiler concept | Lincoln equivalent |
|---|---|
| Source code | Commander's prose ROE, OPORD, brief, annexes — paragraph-numbered. |
| Frontend / parser | @lincoln/interpretation: LLM-assisted parse from prose / image to structured candidate fields. |
| Type checker | Zod schemas in @lincoln/schemas: every artifact field type-checked against a versioned grammar. |
| Allowlist / linter | @lincoln/interpretation/allowlist: rejects engagement classes not explicitly authorized; rejects unknown rule kinds; rejects shapes that fall outside the grammar. |
| Compile-time review | Operator-in-the-loop validation: parsed artifact shown alongside source, commander confirms or corrects before signing. |
| Code signing | Ed25519 signature over canonical-JSON of the final artifact, by the issuing-node private key bound to the commander's identity. |
| Compiled binary | MissionArtifact: typed, signed, paragraph-traced, deterministic-to-execute. |
| Runtime / VM | @lincoln/policy-engine: pure evaluator. Given (artifact, world-snapshot, proposal) it produces (decision, fired-rules) with no I/O and no LM. |
| Stack trace / debug info | Audit entry's fired_rules[].paragraph_ref: every rule that contributed to the decision cites the source paragraph it came from. |
| Build reproducibility | verifyChain() at shutdown: recomputes hashes, re-verifies signatures, returns a single {valid: true} or the index of the first broken link. |
| Linker / dynamic loading | Runtime artifact verification at boot: refuses to start if signature does not verify against the issuing-node public key. |
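
The verifyChain() row describes recomputing hashes, re-verifying signatures, and returning {valid: true} or the index of the first broken link. The sketch below shows that check as an added example, not Lincoln's own code; the entry layout, the GENESIS value and every helper name other than verifyChain are assumptions.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Assumed entry shape (not from the page): each entry commits to its predecessor.
interface AuditEntry {
  prev_hash: string; // hash of the previous entry, GENESIS for the first
  payload: unknown;  // decision plus fired_rules[].paragraph_ref
  hash: string;      // SHA-256 over canonical JSON of { prev_hash, payload }
  sig: string;       // Ed25519 signature over the hash bytes, base64
}
type ChainResult = { valid: true } | { valid: false; index: number };
const GENESIS = "0".repeat(64);
// Canonical JSON: keys sorted recursively so equal values serialize identically.
function canonical(v: unknown): string {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map((x) => canonical(x)).join(",") + "]";
  const o = v as Record<string, unknown>;
  return "{" + Object.keys(o).sort().map((k) => JSON.stringify(k) + ":" + canonical(o[k])).join(",") + "}";
}
const entryHash = (prev_hash: string, payload: unknown): string =>
  createHash("sha256").update(canonical({ prev_hash, payload })).digest("hex");

function appendEntry(chain: AuditEntry[], payload: unknown, key: KeyObject): AuditEntry[] {
  const prev_hash = chain[chain.length - 1]?.hash ?? GENESIS;
  const hash = entryHash(prev_hash, payload);
  const sig = sign(null, Buffer.from(hash, "hex"), key).toString("base64");
  return [...chain, { prev_hash, payload, hash, sig }];
}

// Walk from genesis; report the first entry whose link, hash or signature fails.
function verifyChain(chain: AuditEntry[], pub: KeyObject): ChainResult {
  let prev = GENESIS;
  const bad = chain.findIndex((e) => {
    const linked = e.prev_hash === prev;
    const hashed = e.hash === entryHash(e.prev_hash, e.payload);
    const signed = verify(null, Buffer.from(e.hash, "hex"), pub, Buffer.from(e.sig, "base64"));
    prev = e.hash;
    return !(linked && hashed && signed);
  });
  return bad === -1 ? { valid: true } : { valid: false, index: bad };
}

// Constructed sample: throwaway key, three entries, then entry 1's payload edited.
function demo(): ChainResult[] {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const chain = ["3.a", "3.b.2", "5.c"].reduce<AuditEntry[]>((c, ref) =>
    appendEntry(c, { decision: "BLOCK", fired_rules: [{ paragraph_ref: ref }] }, privateKey), []);
  const edited = chain.map((e, i) => (i === 1 ? { ...e, payload: { decision: "ALLOW" } } : e));
  return [verifyChain(chain, publicKey), verifyChain(edited, publicKey)];
}
console.log(demo());
```

A hash chain validates any prefix of itself, so entries dropped from the tail are not caught by this walk; catching that requires the latest hash to be recorded somewhere outside the log.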

§4 Architectural commitments

Five concrete commitments follow from the compile-and-execute model, each enforced at build, boot, or runtime:

Compile / execute separation:

- NO LM AT EXECUTE: enforced by per-package arch tests on imports
- SIGNED ARTIFACT: runtime refuses to boot on signature mismatch
- DEFAULT BLOCK: timeout, missing input, stale picture all → BLOCK
- PARAGRAPH-TRACED: every fired rule cites source
- HASH-LINKED LOG: tamper-evident, re-verified at shutdown
Figure 2. Five architectural commitments that follow from taking compile/execute separation seriously. Each is enforced at build time, boot time, or runtime — not just documented.
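
One way to write the per-package import test behind NO LM AT EXECUTE, as an added example rather than the project's own test. Sources are passed in as a map so the check runs offline; the deny list, the example-llm-sdk name and the sample file contents are assumptions.

```typescript
// Assumed deny list for an execute-time package (not taken from the project).
// "example-llm-sdk" is a placeholder, not a real dependency.
const DENIED = ["@lincoln/interpretation", "example-llm-sdk", "fs", "net", "http", "https", "child_process"];

interface Violation { file: string; specifier: string; reason: string }

// Literal specifiers: import ... from "x", import "x", export ... from "x", import("x"), require("x").
const LITERAL = /\b(?:from|import|require)\s*\(?\s*(["'])([^"']+)\1/g;
// Computed specifiers cannot be resolved statically, so they are reported as violations.
const COMPUTED = /\b(?:import|require)\s*\(\s*(?!["'])[^)\s]/g;

function isDenied(specifier: string, denied: string[] = DENIED): boolean {
  const name = specifier.replace(/^node:/, "");
  // Match the package itself or any subpath, but not a longer package name.
  return denied.some((d) => name === d || name.startsWith(d + "/"));
}

function checkImports(files: Record<string, string>, denied: string[] = DENIED): Violation[] {
  const out: Violation[] = [];
  for (const [file, src] of Object.entries(files)) {
    for (const m of src.matchAll(LITERAL)) {
      if (isDenied(m[2], denied)) out.push({ file, specifier: m[2], reason: "denied module" });
    }
    for (const m of src.matchAll(COMPUTED)) {
      out.push({ file, specifier: m[0], reason: "computed specifier" });
    }
  }
  return out;
}

// Constructed sources standing in for the files of @lincoln/policy-engine.
const SAMPLE: Record<string, string> = {
  "src/evaluate.ts": 'import { MissionArtifact } from "@lincoln/schemas";',
  "src/explain.ts": 'import { parse } from "@lincoln/interpretation/allowlist";\nconst fs = require("node:fs");',
  "src/plugin.ts": "export const load = (name: string) => import(name);",
};
console.log(checkImports(SAMPLE)); // an arch test would assert this list is empty
```

The scan is deliberately conservative: it also flags type-only imports and specifiers that appear inside comments or strings, which is the safer direction for a build-time gate.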

§5 What follows

The remaining four documents walk the model from input to output.