The Seam Stack
A four-layer architectural pattern for local-first systems where the seam, not the server, is the primary design surface.
The problem
Local-first architecture might have solved the wrong half of the problem first.
The hard work of the last decade went into making clients credible: CRDTs that converge correctly, sync engines that survive partition, storage that holds when the network doesn't. That work was necessary, and it is mature enough to build on now. What it left unfinished is what happens at the boundaries, where a local-first system must interact with money, regulated work, the legal substrate, and parties outside the trust circle.
Those boundaries are the seams. And in production systems, the seam is where everything actually happens. Stripe at checkout. The hiring decision at a new job. The clinical handoff at a care transition. The labor relationship at a layoff. The seam is the moment the architecture has to answer for itself: to a regulator, to a court, to a counterparty, to a worker whose evidence of what happened is the only thing standing between them and a worse outcome.
The Seam Stack is a pattern for deliberately designing those moments.
The four layers
The architecture comprises four layers, each with a distinct responsibility. The layers are not optional substitutions for each other. A system that omits any one of them is not local-first at the seam; it has merely relocated the trust assumption elsewhere.
1. Substrate.
The local-first foundation: CRDTs, IndexedDB, sync. The substrate is what makes the client credible as the canonical site of state.
The substrate is not a commodity choice. The authorization and encryption properties of the substrate layer propagate upward into the Boundary and Evidence layers. Whether the relay can read the handoff bundle, whether access can be revoked after the fact, and whether the data is private to the worker by default are substrate questions, not governance questions. A substrate that uses end-to-end encryption with capability-based access control (such as Automerge + Keyhive) produces different architectural guarantees at the seam than one that does not. The Seam Stack documents substrate choices as they affect seam behavior.
2. Governance.
The rules that determine what counts as a legitimate operation at the seam: who can participate, in what role, with what authority. Governance is where the system encodes the social and legal facts that the substrate alone cannot represent: trust tiers, role assignments, witness requirements, and who has standing to do a given thing.
Governance rules are only as strict as their enforcement layer. Where governance is enforced by policy and procedure, compliance depends on the trustworthiness of the parties. Where it is enforced cryptographically at the substrate level, it is binding regardless of party behavior. The distinction matters at the seam.
3. Boundary.
The seam itself: the explicit, designed moment where the local-first system meets something it does not control, such as payment processors, regulated counterparties, identity verification ceremonies, and legal record handoffs. The boundary layer is where the architecture has to answer for itself: to regulators, courts, counterparties, and workers whose evidence of what happened is the only thing standing between them and a worse outcome. It is also where production systems most often cede the architecture's premise.
The boundary layer has a characteristic failure mode: the relay. A system that passes data through a server to reach a counterparty has introduced a trust dependency at the boundary, regardless of how local-first the substrate is. The relay should facilitate and exit. Where the substrate supports end-to-end encryption, the relay can be made structurally incapable of reading the content it carries; the exit is cryptographic rather than aspirational.
4. Evidence.
What persists after the seam closes? Who has a copy of what, in what format, with what cryptographic anchor, retrievable under what circumstances? The evidence layer is what makes the system answerable: to itself, to its participants, and to anyone who arrives later asking what happened.
The four layers compose. Omitting any of them relocates the trust assumption rather than eliminating it.
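The relay-exit property of the Boundary layer and the cryptographic anchor of the Evidence layer, as an added example that is not part of the Seam Stack specification or the Keyhive API. It assumes Node.js and uses X25519, HKDF and AES-256-GCM as a stand-in for the substrate's end-to-end encryption; the envelope fields, the Relay class and the sample bundle are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');
// Illustrative only: envelope fields, ids and the Relay class are hypothetical, not the Seam Stack spec or Keyhive.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'handoff-bundle', 32));
}
// Evidence anchor: SHA-256 over the envelope fields exactly as they crossed the seam.
function anchorOf(e) {
  return nodeCrypto.createHash('sha256').update([e.ephPub, e.salt, e.iv, e.tag, e.body].join('.')).digest('hex');
}
// Worker side: seal for the counterparty with a fresh ephemeral key; keep the anchor locally.
function sealBundle(bundle, recipientPublicKey) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPublicKey, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(bundle), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  const envelope = { ephPub: b64(eph.publicKey.export({ type: 'spki', format: 'der' })),
    salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), body: b64(body) };
  return { envelope, anchor: anchorOf(envelope) };
}
// Counterparty side: only the holder of the recipient private key can open the envelope.
function openBundle(e, recipientPrivateKey) {
  const un = (s) => Buffer.from(s, 'base64');
  const ephPub = nodeCrypto.createPublicKey({ key: un(e.ephPub), type: 'spki', format: 'der' });
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(recipientPrivateKey, ephPub, un(e.salt)), un(e.iv));
  decipher.setAuthTag(un(e.tag));
  return JSON.parse(Buffer.concat([decipher.update(un(e.body)), decipher.final()]).toString('utf8'));
}
// Relay: carries the opaque envelope, hands it over once, retains nothing.
class Relay {
  constructor() { this.pending = new Map(); }
  deposit(id, envelope) { this.pending.set(id, envelope); }
  collect(id) { const e = this.pending.get(id); this.pending.delete(id); return e; }
}
function demo() {
  const counterparty = nodeCrypto.generateKeyPairSync('x25519');
  const relayKeys = nodeCrypto.generateKeyPairSync('x25519'); // the relay's own key is never a recipient
  const bundle = { kind: 'exit-seam', worker: 'w-001', records: ['final-pay'] }; // constructed sample
  const { envelope, anchor } = sealBundle(bundle, counterparty.publicKey);
  const relay = new Relay();
  relay.deposit('h1', envelope);
  let relayCouldRead = true;
  try { openBundle(envelope, relayKeys.privateKey); } catch { relayCouldRead = false; }
  const delivered = relay.collect('h1');
  return { relayCouldRead, relayRetained: relay.pending.size, anchorsMatch: anchorOf(delivered) === anchor,
    received: openBundle(delivered, counterparty.privateKey) };
}
console.log(demo());
```

Because the anchor is computed over ciphertext, the worker and the counterparty can each show that the same envelope crossed the seam without either of them, or the relay, disclosing its contents.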
What this site contains
This section of Systems of Thought is where the Seam Stack is published and maintained.
The pattern, fully specified.
Bundle schema, legal record format, identity verification ceremony, failure taxonomy. The current published specification is v0.4.1 of the employment seam, the first instance of the pattern documented at specification depth.
The instances.
Four working prototypes were built across nine days, each demonstrating the boundary layer in a different domain: civic, commerce, healthcare, and social. A fifth prototype, the Keyhive employment seam, is in active development. It is the first instance of the pattern built on an authorization-backed substrate, and the first to include revocation as a first-class architectural event.
The writing.
Essays on the architectural argument, the AI-collaborative methodology that produced it, the governance model the pattern serves, and the design principles that govern the pattern. The current essays are Nine Days, Four Prototypes, One Framework (April 2026, methodology and pattern naming) and Full Personhood: The Governance Model AI Requires and Capitalism Never Built (May 2026, the governance argument and fifteen principles: v0.1 current draft).
The vocabulary.
Stable, resolvable terms for implementers: what each layer means, what each role does, and what each artifact is.
Where to start
If you are reading the Seam Stack for the first time, the entry points by interest:
For the governance argument (what the architecture is for, why it matters now, and what is at stake in whether it gets built), start with Full Personhood: The Governance Model AI Requires and Capitalism Never Built. The essay traces the 140-year asymmetry the Seam Stack is designed to address, scales the architectural commitment across four rings (individual, community, intergenerational, ecological), and names the AI deployment window as a forcing function. Appendix A states the fifteen governance principles in citation-ready form.
For the architectural argument, start with Nine Days, Four Prototypes, One Framework, the essay that names the pattern across four domains and the methodology that produced it.
For the specification, the v0.4.1 employment seam spec is the technical baseline. It is linked from the spec index when published.
For the broader project, the Pattern Commons series on Systems of Thought situates the Seam Stack within a larger body of patterns for local-first architecture in regulated contexts.
Status
The Seam Stack is in active development.
v0.4.1 of the employment seam is the first stable specification. It documents the boundary layer for the employment relationship: entry seam, exit seam, handoff bundle delivery, failure taxonomy, and relay-exit discipline.
The Keyhive employment seam is the current development track.
It rebuilds the employment seam on Automerge + Keyhive, a substrate that provides end-to-end encryption and capability-based access control. The architectural differences from v0.4.1 are not incremental: the relay is cryptographically prevented from reading handoff bundle contents, access to shared data can be revoked after the fact, and the worker's local substrate is private by construction rather than policy. Revocation is a first-class event: this is the first pattern in the series with a seam that fires on access grant and again on revocation. This track is in Phase 1 build.
This is a working architecture. It is published openly so that it can be implemented, critiqued, extended, and, where the pattern proves useful, adopted.
The Seam Stack is a project of Systems of Thought, a research lab and publication operated by UX Minds, LLC. The work is developed in part with AI assistance, disclosed where named.