The trio model
Musketeer uses a three-role architecture - the trio - to enforce separation of duties during execution. Each role has a distinct responsibility and owns specific files on disk.
The trio
Originator
The Originator defines intent and plan. It is responsible for:
- Declaring the goal and desired outcome
- Defining the tasks to be executed
- Owning
intent.ymlandplan.yml
The Originator decides what should happen. It does not execute.
Cross-Examiner
The Cross-Examiner challenges the plan and sets constraints. It is responsible for:
- Reviewing the Originator’s intent and plan
- Setting scope boundaries, non-goals, and allowlists
- Owning
constraints.yml - Writing review notes to
plan.yml
The Cross-Examiner provides adversarial review. It does not execute.
Executor
The Executor applies changes and produces artifacts. It is responsible for:
- Carrying out the tasks defined in the plan
- Recording progress entries with sequence numbers
- Writing to
progress.ymlandhandoff.yml
The Executor may not modify intent.yml or constraints.yml. It works within the boundaries set by the other two roles.
Why three roles
This separation provides:
- Separation of duties - each role has a defined responsibility and owned files
- Accountability - progress entries record which role acted and when
- Auditability - all state is on disk in human-readable YAML
- Handoffs - transitions between roles are explicit and recorded
The triangle
Originator
/ / / intent / + plan / Cross-Examiner ------- Executor
constraints progress + handoffEach vertex of the triangle owns specific files. Handoffs flow between roles through these files.
File ownership
| Role | Owns | May not modify |
|---|---|---|
| Originator | intent.yml, plan.yml | constraints.yml |
| Cross-Examiner | constraints.yml, plan.yml | intent.yml |
| Executor | progress.yml, handoff.yml | intent.yml, constraints.yml |
Note: File ownership is a design policy. The current CLI does not enforce write restrictions per role. Enforcement is planned.