Autonomous systems increasingly operate under partial observability where execution-relevant state is never fully accessible. Existing governance mechanisms -- trusted execution environments, oracle-signed state proofs, cryptographic attestation -- enforce the integrity of computation and state projections. We show this is structurally insufficient: an authenticated projection of state is necessary but never sufficient for execution validity. We introduce the Reconstructive Authority Model (RAM), which separates integrity from coverage. RAM defines a reconstruction gate that reasons over an explicit coverage envelope -- comprising proven state, declared assumptions, and an acknowledged unobservable residual -- and permits execution only when coverage is adequate for the action class. When coverage is insufficient, RAM narrows privileges dynamically or fails closed. Attestation proves trust in measurement; RAM proves adequacy of what is measured. We formalize RAM, prove necessity via two theorems (attestation insufficiency and RAM necessity) and three corollaries, and present a hybrid RAM+Attestation architecture with privilege-narrowing. Synthetic experiments (N=100,000, seed=42) show RAM achieves zero invalid execution rates at all coverage levels. Attestation-based systems exhibit IER=0.423 at low coverage and IER=0.233 even at full coverage, the latter arising from undefined-state handling failures undetectable by integrity checks alone. This reframes execution validity as a coverage reconstruction problem, distinct from and complementary to integrity guarantees provided by attestation.
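As an added illustration (not code from the paper), the following sketches a reconstruction gate over the coverage envelope described above, beside an attestation-only baseline, and measures invalid execution on a constructed random workload. The action classes, adequacy thresholds and assumption discount are assumptions for this example; the workload reproduces only the coverage effect, not the undefined-state failure the abstract reports at full coverage.

```python
from dataclasses import dataclass
from enum import IntEnum
import random

class ActionClass(IntEnum):
    READ_ONLY = 0      # no side effects
    REVERSIBLE = 1     # side effects that can be rolled back
    IRREVERSIBLE = 2   # e.g. a fund transfer or an actuator command

# Assumed adequacy thresholds per action class (illustrative, not from the paper).
REQUIRED_COVERAGE = {ActionClass.READ_ONLY: 0.3, ActionClass.REVERSIBLE: 0.7, ActionClass.IRREVERSIBLE: 0.95}

@dataclass(frozen=True)
class CoverageEnvelope:
    proven: float    # share of execution-relevant state backed by attested proofs
    assumed: float   # share covered only by declared, unproven assumptions
    residual: float  # acknowledged unobservable share
    def __post_init__(self):
        parts = (self.proven, self.assumed, self.residual)
        if min(parts) < -1e-9 or abs(sum(parts) - 1.0) > 1e-9:
            raise ValueError("envelope shares must be non-negative and sum to 1")
    def coverage(self, assumption_weight: float = 0.5) -> float:
        # Assumptions count at a discount (assumed weight); the residual never counts.
        return self.proven + assumption_weight * self.assumed

def reconstruction_gate(env, requested, attested):
    """RAM gate: fail closed on bad integrity, else narrow to the widest class the coverage supports."""
    if not attested:
        return None
    cov = env.coverage()
    for cls in sorted(ActionClass, reverse=True):
        if cls <= requested and cov >= REQUIRED_COVERAGE[cls]:
            return cls
    return None  # not even READ_ONLY is adequately covered: fail closed

def attestation_only_gate(env, requested, attested):
    """Baseline: integrity check only; the coverage envelope is never consulted."""
    return requested if attested else None

def invalid_execution_rate(gate, trials=10_000, seed=42):
    """Share of executed actions whose class was not adequately covered (constructed random workload)."""
    rng = random.Random(seed)
    invalid = 0
    for _ in range(trials):
        proven = rng.random()
        assumed = rng.uniform(0, 1 - proven)
        env = CoverageEnvelope(proven, assumed, 1 - proven - assumed)
        granted = gate(env, ActionClass.IRREVERSIBLE, attested=True)
        invalid += granted is not None and env.coverage() < REQUIRED_COVERAGE[granted]
    return invalid / trials
```

With these thresholds the RAM gate never executes an inadequately covered action, while the attestation-only gate executes the irreversible request whenever integrity passes, whatever the envelope says.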