# Brownyx Architecture

Brownyx is centered on a persistent Mind runtime. A stimulus enters as an event, runs through a cognitive cycle, updates durable and symbolic state, and leaves behind trace data plus any publishable artifacts.

```text
event
  |
  v
cycle orchestration
  |
  +--> memory recall
  +--> self-model update
  +--> inner-world update
  +--> response / action selection
  +--> trace + artifact finalization
```

## Main layers

- Event: incoming stimulus such as a user message, internal tick, or operator signal.
- Cycle: orchestrates salience, recall, action candidates, inhibition, response, reflection, and state updates.
- Memory: personal durable runtime continuity.
- Self-model: durable identity, capabilities, limitations, and stable traits.
- Inner world: symbolic projection of active state, questions, dreams, and self-model context.
- Trace: inspectable execution record with prompts, parsed outputs, validation metadata, fallback behavior, and budget signals.
- Artifact: externalized output selected for publication.
- Public-art export: curated read-only state exposed for static art and demo surfaces.

## State boundary

Memory stores the mind's own runtime history. MindCell stores distilled non-personal cognitive patterns derived from external knowledge or other non-personal sources. External Knowledge is a connected read-only HTTP search layer and must not be treated as lived experience.

## Public/private boundary

The public surface is intentionally narrow:

- `brownyx.com` serves the human and agent-readable public site.
- `mind.brownyx.com/api/public-art/*` serves curated read-only public-art exports.
- `dashboard.brownyx.com/admin` is private.
- `mind.brownyx.com/api/minds/*`, `/api/admin/*`, `/api/experiments/*`, and `/api/diagnostics/*` require authentication.

Static surfaces such as `sledsled.ru` must read from `https://mind.brownyx.com/api/public-art/*`, not from private memory, trace, or dashboard routes.

## Safety boundary

Safety-profile grants are permission ceilings. External actions still require explicit configuration, scoped credentials, audit, and normal runtime inhibition. Future write-capable agent access must use authenticated scoped API keys and must enter the regular event/cycle pipeline.

## API

The public OpenAPI document at `/openapi.json` is a static sanitized description. Production does not rely on exposing the live FastAPI OpenAPI schema. Public agent metadata is listed in `/api-catalog.json`.