Agent Governance Series
Eight papers establishing the formal foundations of autonomous agent governance. Each paper addresses a distinct layer — from atomicity at the decision boundary to empirical validation on real LangGraph agents — forming an irreducible architecture for governed execution.
Author: Marcelo Fernandez · TraslaIA · agentcontrolprotocol.xyz
Reading Sequence
Each paper builds on the previous. The series can be read sequentially or by layer.
Why is atomicity at the decision boundary a structural requirement?
How do we implement that boundary as a concrete enforcement protocol?
What can we actually observe above the enforcement boundary?
Is the multi-layer architecture irreducible? Who executes and under what allocation constraints?
Given partial observability, when is execution authority actually valid?
How do we enforce RAM as a runtime protocol in a real system?
Does the full stack close the gap between governance and execution on real LLM agents?
Papers
Atomic Decision Boundaries: A Structural Requirement for Guaranteeing Execution-Time Admissibility in Autonomous Systems
Proves that no system separating evaluation from execution can guarantee admissibility at execution time. Introduces the atomic decision boundary — the condition under which decision and state transition are a single indivisible step — and maps RBAC, OPA, and ACP to a structural taxonomy of governance mechanisms.
Agent Control Protocol: ACP v1.30 — Admission Control for Agent Actions
The ACP specification. Temporal admission control enforcing behavioral properties over execution traces via a 6-stage pipeline, execution tokens, cryptographic delegation chains, and a stateful risk engine (ACP-RISK-3.0). TLA+ verified over 4.29 × 10⁹ states with 9 safety invariants and 4 temporal properties.
From Admission to Invariants: Epistemological Limits of Local Observability in Agent Governance
Proves that enforcement signals are epistemologically insufficient for detecting behavioral drift. Introduces the Invariant Measurement Layer (IML): a consistent estimator of behavioral deviation D̂(τ, A₀) with finite detection delay, validated across LangGraph agents, webhook pipelines, and single-agent executors.
Irreducible Governance Structure for Autonomous Agent Systems: Fair Allocation, Strategy-Proofness, and Multi-Scale Composition
Establishes allocation as a first-class governance dimension. Proves Sybil amplification (any allocation mechanism is vulnerable to identity multiplication) and a strategy-proofness impossibility analogous to Arrow's theorem. The central result is an irreducibility theorem: under finite observability, no strict subset of the four governance layers (temporal, state, behavioral, population) can replicate the guarantees of the full architecture.
Reconstructive Authority Model: Runtime Execution Validity Under Partial Observability
Separates integrity from coverage: cryptographic attestation proves trust in measurement, not completeness of execution-relevant reality. The Reconstructive Authority Model (RAM) introduces a reconstruction gate over an explicit coverage envelope and proves coverage is a necessary condition for execution validity. Invalid execution rates are proportional to the unobservable state fraction (1 − |S_p|/|S_r|).
Operationalizing Reconstructive Authority: Runtime Construction, Dependency Resolution, and Execution Gating in Autonomous Agent Systems
Provides the runtime enforcement of RAM. Introduces a concrete execution protocol with dynamic dependency resolution, authority reconstruction at action time, and a Recovery Loop integrating IML drift detection with ACP execution gating. Proves the Execution Safety Theorem (no action executes without constructible authority) and Conditional Liveness (execution resumes when authority-defining variables become observable).
Closing the Execution Gap in LLM Agent Systems: Empirical Evidence for Compliant Drift, Partial Observability, and Integrated Runtime Governance
First empirical validation of the complete ACP+IML+RAM+RecoveryLoop stack on real LangGraph agents. Introduces Compliant Drift — the phenomenon where g(τ)=0 throughout (all decisions approved) while D̂ grows monotonically — and proves it is real, measurable, and closeable. Four experiments: drift detection across 6 seeds and 2 LLM families (Mistral 15B, DeepSeek-R1 8B), 10k Monte Carlo trials under partial observability, multi-agent coordination up to N=16, and full-stack integration over 2000 steps. Introduces 3 theoretical refinements to the formal framework.
The Four Governance Layers
The series establishes four orthogonal dimensions of agent governance. The irreducibility theorem (P3/4) proves that none can be eliminated without loss of correctness or stability.
Temporal
Decision and state mutation as a single indivisible step. Eliminates the gap between evaluation and execution. P0, P1
State
Enforcement of constraints over system state via stateful risk evaluation and execution tokens. P1
Behavioral
Detection and measurement of drift above the enforcement boundary. Enforcement signals are insufficient — a separate measurement layer is necessary. P2
Population
Allocation of execution access among competing agents under shared resource constraints. Fair allocation and strategy-proofness cannot be simultaneously achieved. P3/4
P5 and P6 address a fifth dimension orthogonal to all four: runtime authority validity under partial observability — the question of whether execution is valid given what the system can actually observe at action time.
All papers are independently available on Zenodo with permanent DOIs. Pre-prints are on arXiv (where available).