We present an algebraic semantics for governed execution in which governance is axiomatized, compositional, and coterminous with expressibility. The framework, mechanized in 32 Rocq modules (~12,000 lines, 454 theorems, 0 admitted), is built on interaction trees and parameterized coinduction. A three-axiom GovernanceAlgebra record (safety, transparency, properness) induces a symmetric monoidal category with verified pentagon, triangle, and hexagon coherence, where every tensor composition preserves governance. An algebraic effect system constrains the handler algebra so that only governance-preserving handlers can be constructed in the safe fragment; programs in the empty capability set provably emit only observability directives. Capability-indexed composition bundles programs with machine-checked capability bounds, and a dual guarantee theorem establishes that within_caps and gov_safe hold simultaneously under all composition operators. The capstone result is the coterminous boundary: within our formal model, every program expressible via the four primitive morphism constructors is governed under interpretation, and every governed program is the image of such a program. Turing completeness is preserved inside governance; unmediated I/O is excluded from the governed fragment. Governance denial is modeled as safe coinductive divergence. The governance algebra is parametric: any system instantiating the three axioms inherits all derived properties, including convergence, compositional closure, and goal preservation. Extracted OCaml runs as a NIF in the BEAM runtime, with property-based testing (70,000+ random inputs, zero disagreements) confirming behavioral equivalence between the specification and the runtime interpreter.

翻译：我们提出了一种受控执行的代数语义，其中治理被公理化、组合化，且与可表达性同界。该框架在32个Rocq模块中机械化实现（约12,000行代码、454个定理、0个待证），基于交互树与参数化余归纳。由三个公理（安全性、透明性、恰当性）构成的治理代数记录，诱导出具有已验证的五边形、三角形和六边形协调性的对称幺半范畴，其中每个张量组合保持治理性质。一个代数效应系统约束了处理器代数，使得在安全片段中只能构造保持治理的处理器；空能力集程序可证明仅发射可观测性指令。能力索引组合将程序与机器验证的能力边界打包成组，对偶保证定理确立了在所有组合算子下within_caps与gov_safe同时成立。最终成果是同界边界：在我们的形式模型中，凡通过四种原始态射构造子可表达的程序在解释下均受治理，且每个受治理程序都是此类程序的像。图灵完备性在治理内部得以保持；无中介的I/O被排除在受治理片段之外。治理拒绝被建模为安全的余归纳发散。治理代数具有参数性：任何实例化三个公理的系统都继承所有导出性质，包括收敛性、组合封闭性与目标保持性。提取的OCaml代码在BEAM运行时中作为NIF运行，基于属性的测试（70,000+随机输入，零分歧）验证了规范与运行时解释器之间的行为等价性。