What do office, lineage, warrant, and receipt mean in the Forge persistence model?

The office is a persistent authority surface — it defines role, jurisdiction, scope, allowed routes, tool boundaries, escalation requirements, evaluation criteria, and continuity expectations. The lineage is the durable record of execution, memory, receipts, warrants, decisions, amendments, failures, provenance, and office-state changes. The warrant is the bounded authorization that allows an agent instance to occupy an office for a task, cadence, tranche, or bounded execution window. The receipt is the evidence artifact proving what was done, under which office, by which occupant, with which inputs, tools, outputs, and verification status. The governance layer carries amendment and revocation. The agent only carries execution.

— DISPATCH

Persistence belongs to lineage, not persona.

Q: What is the difference between a persistent agent and a persistent office in agentic systems?

Under persistent-agent grammar, the agent is the continuity object — the same thing owns memory, identity, and authority, so agent drift contaminates the continuity object itself. Under Forge's persistent-office grammar, the office carries authority, the lineage carries memory and provenance, the warrant carries scoped permission, the receipt carries evidence, and the agent only carries execution. Agent drift becomes an occupant event. The durable object remains inspectable, governable, and recoverable. The runtime can fail and the office remains. The model can change and the lineage remains. The agent can be removed and the receipts remain.

Q: How does Forge handle agent drift compared to Google Gemini Spark, Microsoft Foundry Hosted Agents, or Anthropic Managed Agents?

Persistent-agent platforms — Google Gemini Spark, Microsoft Foundry Hosted Agents with dedicated Entra agent identities, Anthropic Claude Managed Agents with stateful sessions and managed memory, OpenAI Agents SDK sessions — treat the agent as the trust object that keeps working. Repair under that grammar means retraining or replacing the agent, and the continuity bearer takes the hit. Forge treats agent drift as an occupant event. The office remains. The lineage remains. The warrant trail remains. The receipts remain. The repair path is to revoke or constrain the occupant, preserve the office, amend the warrant or office policy, update the lineage, and instantiate a clean executor.

Most agent platforms are making the agent persistent. Forge makes the office persistent. The agent can be instantiated, routed, killed, swapped, upgraded, constrained, or retired without destroying continuity, because continuity is not located in the agent.

Breyden Taylor · 2026-05-24

Market motion

The public market is converging on persistent-agent grammar.

Google describes Gemini Spark as a "24/7 personal AI agent" that operates in the background even when the user's phone and laptop are turned off, autonomously, across Gmail, Calendar, Drive, Docs, Sheets, Slides, YouTube, and Maps. Microsoft Foundry Hosted Agents package agentic applications as containerized agents with dedicated Microsoft Entra agent identities, persistent filesystems, per-session VM-isolated sandboxes, and durable conversation records. Microsoft Foundry Memory is documented as a managed long-term memory solution enabling agent continuity across sessions, devices, and workflows. Anthropic Claude Managed Agents expose stateful sessions, transcripts that persist until deletion, MCP tunnels, self-hosted sandboxes, mutable tool configurations during active sessions, multiagent sessions, and managed agent memory. OpenAI's Agents SDK sessions store conversation history across multiple agent runs; OpenAI's conversation-state API documents response chaining and stored conversation objects whose items can persist beyond the default thirty-day TTL. Hermes Agent v0.14.0 adds an OpenAI-compatible local proxy that routes OAuth-authenticated providers such as Claude Pro, ChatGPT Pro, and SuperGrok through tools like Codex, Aider, Cline, Continue, and custom scripts.

The product object across providers is the persistent agent. The trust object is the assistant that keeps working. The memory object is what the agent remembers.

That is the market grammar.

The Forge primitive

Persistence belongs to lineage, not persona.

The Forge primitive is not the persistent agent. It is the persistent office with lineage-bound agent occupancy.

The office carries authority. The lineage carries memory and provenance. The warrant carries scoped permission. The receipt carries evidence. The governance layer carries amendment and revocation. The agent carries execution.

The agent is instantiated, routed, killed, swapped, upgraded, constrained, or retired without destroying continuity, because continuity is not located in the agent.

The first counter: renaming

The first counter is that this is renaming. The market would say "agent" and Forge would say "office" and the underlying behavior would be identical. That counter only holds if failure behavior is the same. It is not.

Under market grammar, agent drift contaminates the continuity object. The thing that owns memory, identity, and authority is the same thing that drifted. Repair means retraining or replacing the agent — and the continuity bearer takes the hit.

Under Forge grammar, agent drift is an occupant event. The office remains. The lineage remains. The warrant trail remains. The receipt layer remains. The repair path is to revoke or constrain the occupant, preserve the office, amend the warrant or office policy, update the lineage, and instantiate a clean executor.

The runtime can fail. The office remains.

The model can change. The lineage remains.

The prompt can be patched. The authority surface remains.

The tool harness can be restricted. The warrant trail remains.

The agent can be removed. The receipts remain.

That is a structural difference, not a semantic one.

The second counter: infrastructure convergence

The second counter is that persistent-agent platforms already do some of this. Microsoft documents per-session sandbox isolation and stable production endpoints. Anthropic documents MCP boundaries and managed memory. OpenAI separates sandbox memory from conversational session memory. The counter is correct that the infrastructure for office-shape governance is being built. It is being built underneath a persistent-agent product framing. The continuity bearer is still named as the agent. The product is still the assistant. The failure grammar is still "the agent drifted."

Naming is not cosmetic when the failure grammar is downstream of it.

The third counter: capability and boundary

The third counter is where MCP security research starts to matter. The MCP Safety Audit (arxiv 2504.03767) and MCP-SandboxScan (arxiv 2601.01241) document risks across malicious tool use, remote access control, credential theft, prompt injection, runtime-only behavior, local-file exposure, and secret leakage. Those are not abstract risks. They are runtime-bound risks that escalate as tool surface grows.

A continuity object that owns both memory and execution under a persistent-agent identity is the wrong shape for managing those risks. An office that owns authority, scopes warrants, and demands receipts — with a non-persistent executor underneath — is the right shape.

What persistence actually attaches to

Forge does not ask whether agents should persist. Forge has answered the deeper question. What should persistence attach to?

Persistence attaches to the office. To the lineage. To the warrant trail. To the receipt layer. To the governed memory and provenance substrate.

This makes the agent disposable without making the work disposable.

The office remembers. The lineage proves. The warrant authorizes. The receipt anchors. The agent executes.

A persistent agent is a product shape. A persistent office is an institutional primitive.

Source ledger

← All dispatches