AI systems increasingly synthesize executable structure at runtime: LLMs generate programs, agents construct workflows,self-improving systems modify their own behavior. In classical homoiconic and staged languages, the transition from code representation to execution is unrestricted. eval is a language primitive, not a governed operation. We argue that in governed intelligent systems, this transition is an authority amplification: it converts symbolic structure into executable authority and must be mediated like any other effect. We present governed metaprogramming, a language design where program representations (machine forms) are first-class values, form manipulation is pure computation, and materialization (the transition from form to executable machine) is a governed effect subject to structural inspection. The governance system analyzes the proposed program's capability requirements, policy compliance, and resource estimates before permitting execution. We formalize two judgments: pure form evaluation (which emits no directives) and governed materialization (which emits exactly one governed directive). We prove three properties: purity of form manipulation, the no-bypass theorem, and boundary preservation. We implement the design in mashinTalk, a DSL for AI workflows compiling to BEAM byte code, and report on integration with 454 existing machine-checked Rocq theorems. The central contribution is reclassifying eval from a language primitive into a governed effect.

翻译：人工智能系统日益在运行时综合可执行结构：大语言模型生成程序，智能体构建工作流，自改进系统修改自身行为。在经典的同像性和分层语言中，从代码表示到执行的转换不受限制。eval是语言原语，而非受控操作。我们认为，在受控智能系统中，此转换属于权限放大：它将符号结构转化为可执行权限，必须像其他效应一样进行中介处理。本文提出受控元编程语言设计，其中程序表示（机器形式）为第一类值，形式操作属于纯计算，而物化（从形式到可执行机器的转换）是受控效应，需接受结构检查。治理系统在允许执行前，会分析所提议程序的能力需求、策略合规性及资源估算。我们形式化两种判断：纯形式求值（不发出指令）与受化物化（恰好发出一条受控指令）。我们证明三项性质：形式操作的纯性、无旁路定理及边界保持性。该设计已在面向AI工作流、编译为BEAM字节码的领域特定语言mashinTalk中实现，并报告与454项现有机器校验Rocq定理的集成。核心贡献在于将eval从语言原语重新分类为受控效应。