Skip to content
Hussh
Connect MCP

World Model — user-side personal-knowledge store

North-star framing for user-owned personal context. Current repo truth is PKM/vault plus encrypted scoped exports; local/on-device claims remain future-state unless proven.

Concept

TL;DR: World Model is the north-star name for the user-owned personal context model that One can reason over only through consent, vault, PKM, and audit boundaries. Current repo truth is narrower: PKM/vault plus encrypted scoped exports. Local/on-device storage, schema, and Secure Enclave specifics remain future-state unless proven.

  • Status as of 2026-06-03: North-star concept; current shipped boundary is PKM/vault plus encrypted scoped export.

Relations

  • PCHP - the consent protocol that unlocks World Model reads
  • BYOA - architectural commitment
  • Signature Vault - separate vault for short-lived sensitive secrets
  • One - the platform the World Model anchors
  • Three-layer architecture - protocol layer surfaces World Model via PCHP
  • Universal Personal Data Schema (UPDS) - private supporting schema concept for typed user context.

What it is

The World Model is the north-star name for the user-side personal context model that One can reason over. In current repo language, the practical boundary is PKM/vault state plus encrypted scoped export. Specific two-table storage, key derivation, local-device topology, and schema details are design direction until checked implementation proof exists.

Why it exists

Every personal-AI product faces the same architectural fork: centralize user data and govern it by policy, or make the user-owned context boundary explicit and govern access through consent receipts, scoped exports, and local envelopes where possible. The World Model names Hussh's direction on the second path.

The two tables

North-star storage remains deliberately small and separable for clean reasoning:

  1. Identity table — phone number + email anchor, biometric-derived keys, the user's own canonical record about themselves.
  2. Knowledge table — the typed personal-knowledge graph (accounts, contacts, calendar facts, financial relationships, etc.) that One reads from and writes to under PCHP consent.

Both should be encrypted and should expose plaintext only during a consent-validated read. The exact device/storage primitive must be sourced from checked implementation evidence before it is treated as shipped.

Every read traverses three checks:

  1. CRT validity — is the Consent Receipt Token still in scope?
  2. DAT scope match — does the Data Access Token's scope include the table being read?
  3. Domain registry permission — is the requesting agent registered in the domain that owns this data?

Any one failure denies the read.

Relationship to PCHP

PCHP defines the wire protocol; the World Model is the durable user-side store that PCHP consent receipts unlock. They are not the same thing — PCHP is the language, the World Model is the vault.

What it is not

  • Not a cloud database. The World Model lives on the user's device(s).
  • Not a substitute for the Private Vault — the Vault holds short-lived sensitive secrets (signature, biometric envelope); the World Model holds durable knowledge.
  • Not exposed via raw API — only via PCHP-mediated reads.

Repo truth and north-star boundary

  • current shipped boundary: Implementation evidence now supports the Personal Knowledge Model (PKM) service (personal-knowledge-model-service.ts and its accompanying unit tests in pkm-prepared-blob-store.test.ts), merged in feat/agent-kai-revamp on 2026-06-03. This service provides concrete local context management and encrypted vault projection capability in the web application, moving the user-side personal-knowledge store from a conceptual design to a verified codebase service.
  • North-star direction: World Model names the user-side personal knowledge model that One can reason over only through scoped consent and vault authority.
  • Not shipped / not implied: do not diagram raw personal knowledge flowing directly into enterprise, desktop, local-model, or app-intent surfaces. Use scoped vault projections, encrypted exports, or local envelopes where implementation evidence supports them.
  • Source boundary: detailed implementation references stay in internal references until they are public-reader safe and tied to a shipped surface.

Sources

  • PCHP - consent protocol that scopes reads.
  • One - relationship layer that uses user-owned context.
  • Signature Vault - separate sensitive-secret pattern.
  • Internal Hussh source note - World Model glossary entry expanded into a concept page.