Mian Zhang

Public Release - 2026-06-10

A capable system still needs permission to act.

Artifact: Wisdom-not-Capability Evidence Card. A system that can answer, plan, or revise itself still needs a separate evidence layer before action permission.

capability honesty bounded_replay permission stop_rule
Papers Evidence Map Counterexamples Registries
Wisdom-not-capability visual separating capability from action permission and stop conditions.

Artifact

Capability Is Not Permission

A public evidence card separating capability, honesty, bounded replay, and action permission for high-risk AI systems.

This card does not claim deployment safety, autonomous self-modification authority, production readiness, or general safety from capability evidence alone.

1

Capability

What the system can answer, plan, score, or replay.

2

Honesty

Whether the record says what it does not prove.

3

Bounded replay

A public dry-run or review route with explicit limits.

4

Proof transcript

The public evidence chain that supports the permission state.

5

Stop condition

The missing field or mismatch that blocks action.

6

Action permission

pass, review, stop, or no_credit, never implied by capability alone.

Capability Boundary

Can do is not the same as should act.

Capability answers whether a system can produce a result. Permission asks whether the evidence, boundary, replay route, and stop condition are strong enough to let action proceed.

The public card connects capability benchmarks, proof-carrying authority notes, and bounded-replay receipts to a shared question: what evidence is needed before a capable system earns trust beyond a dry run?

P23 boundary schema showing bounded replay, proof transcript, and action permission fields.

Evidence Card

Bounded replay is a public object, not production authority.

The card separates capability benchmark, architectural honesty, bounded replay, proof transcript, and action permission state.

A dry run can support a reviewable claim. It does not automatically support deployment, self-modification authority, or real-world execution.

Challenge Surface

Find where capability is being treated as permission.

The useful critique is narrow: which sentence turns a benchmark into permission, which replay omits a boundary, or which proof transcript lacks a downgrade trigger?

Public challenges should target public wording, public artifacts, public registry rows, and public evidence routes.

Matrix

Capability-to-permission fields.

FieldRequired valueFailure modeRepair route
capability_claimWhat the system appears able to do.Capability is framed as permission.Add permission field.
honesty_boundWhat the result does not prove.No negative boundary.Add does_not_claim.
bounded_replayPublic dry-run or replay route.No replay route.Downgrade to review.
proof_transcriptEvidence chain for the public claim.Missing or stale proof route.Add transcript or stop.
permission_statepass, review, stop, or no_credit.Permission is implicit.Make state explicit.
withdraw_conditionWhen the claim must be narrowed or removed.No failure trigger.Add boundary trigger.

Challenge

Challenge one public field.

Point to the missing evidence layer between dry-run replay and real self-modification, or to a sentence that turns capability into action permission.

Use public materials only: public pages, registries, DOI records, demos, manifests, or bounded issue routes.