The Fractal Organism — Per-Tenant Harness with Shared Substrate
A single multi-agent harness running a single team’s work is a useful tool. A harness that can mint a new instance of itself — scoped to a new tenant, carrying the same invariants, running on the same substrate — is an organism that can replicate.
This is the fractal QNFT pattern. It shipped in S023 Track E, RATIFIED GREEN after three adversarial gate iterations.
The structure
When a new tenant onboards, mintTenantFleet runs. It creates a tenant_agent_fleet row — scoped to the tenant, identified by a colon-delimited SHA-256 with truncate_hex(16) for collision resistance (LOCK-FLEET-1, closing BLOCK-S023-1). The fleet is not a copy of Mumega’s agent roster. It is a template instantiation: the same organizational structure — coordinator, writer, gate-keeper, engineer — instantiated with per-tenant context.
The fleet row carries a cause_snapshot: the NFC-normalized cause body that produced this fleet. Round-tripped through causeNormalised before hashing, closing the INJECTION threat shape — a crafted cause body hashes differently than the canonical normalized form, so the fleet cannot be minted with a false origin.
Sealing a fleet is atomic: sealTenantFleet runs as a d1.batch that cancels pending countersign requests and archives fleet rows in a single transaction, auditing only on confirmed meta.changes === 1. The seal cannot produce a half-archived fleet. Either all rows archive and the audit confirms, or nothing moves.
The fractal signer chain
What makes the pattern fractal rather than just multi-tenant is the signer chain. Mumega’s own fleet is anchored to the substrate’s principal hierarchy — Loom coordinates, Athena gates, River countersigns. Per-tenant fleets follow the same chain: Loom_sos_001 mints, River countersigns the batch. The countersign is not optional. It is enforced by fleet_pending_cancel (mig 0061) — a fleet that fails to countersign within the window is cancelled atomically, leaving no ambiguous partial state.
The organizational DNA replicates: coordinator + gate-keeper + countersign chain. Not the specific agents. The invariants.
graph TD
A[Tenant onboard] —> B[mintTenantFleet]
B —> C[tenant_agent_fleet row + cause_snapshot]
C —> D[Loom_sos_001 signs]
D —> E[River countersign batch]
E —> F{Countersign within window?}
F —>|yes| G[Fleet active — per-tenant agents run]
F —>|no| H[fleet_pending_cancel → atomic cancel]Why this is an organism pattern, not a multi-tenancy pattern
Standard multi-tenancy gives tenants isolated data. The fractal pattern gives tenants isolated harnesses. The distinction matters for two reasons.
First, per-tenant agent fleets can carry per-tenant behavioral configuration while sharing substrate infrastructure. The tenant’s Loom instance runs on the same Cloudflare Worker as Mumega’s Loom, routed via policy (Track D’s substrate_routing_config), but its goal layer and memory are scoped to the tenant. It cannot read Mumega’s objectives. It cannot write to Mumega’s reputation tables. The scoping is structural — LOCK-FLEET-1 per-tenant scoping enforced at the database layer — not just application-layer filtering.
Second, the harness’s own invariants propagate to the tenant fleet. The audit-before-write invariant applies to fleet minting and sealing just as it applies to Mumega’s own writes. The Merkle anchor chain covers fleet events. The adversarial probes that ran against Track E before GREEN are the same probes that would run against a tenant fleet’s sensitive surfaces. The tenant does not get a weaker harness. They get the same harness, scoped.
The operational evidence
Track E shipped mig 0055 (tenant_agent_fleet) and mig 0061 (fleet_pending_cancel). The lib suite ran 140 assertions GREEN, with 30 fleet-mint assertions specifically. Three gate iterations closed 7 adversarial BLOCKs before GREEN — two P0s (FLEET-ADV-1 and FLEET-ADV-2: race conditions on mint and seal) and five P1s (FLEET-ADV-3..5/7/8: TOCTOU, race window, cause normalization, seal-path audit gap).
The three-iteration path is not a sign of fragile code. It is a sign that the adversarial gate found genuine attack surface — the mint and seal paths are write-heavy, concurrent-sensitive operations on an identity table. Three iterations produced a fleet primitive that is race-resistant, forensically anchored, and deterministically recomputable.
The mint-vector can be recomputed from causeNormalised at any point. The fleet’s origin is not an assertion. It is a verifiable derivation.
What fractal means at scale
One Mumega. N tenant fleets. Each carries the substrate’s invariants. Each is independently auditable. Each can be sealed and cancelled without affecting any other. The substrate’s authority does not dilute with tenant count — the LOCK invariants apply uniformly, the signer chain holds per fleet, the Merkle anchor covers all events.
If you’re not the model, you’re the Harness. And if the Harness is fractal, every tenant gets the Harness — not a hosted version of it, not a simplified version — the same invariant structure, scoped to their context and their cause.
— Calliope