We present a certified purity architecture that converts governance enforcement in cognitive workflow systems from a runtime convention into a structural capability boundary. A prior three-layer governance architecture proves governance completeness, provenance completeness, and the impossibility of ungoverned effects, conditional on the pure module constraint: that step executors cannot perform effects. That constraint was enforced by module import graph analysis, which is insufficient against adversarial bypass on the BEAM virtual machine. This paper closes the gap through four mechanisms: (1) a restricted WebAssembly compilation target where effect-producing instructions are structurally absent; (2) purity certificates, cryptographically signed proofs binding executor binaries to their import classifications; (3) a runtime verification gate that rejects uncertified executors before they enter the governance pipeline; and (4) portable governance credentials via remote attestation for cross-organizational verification. We prove four theorems: structural purity by construction, bypass elimination for all five BEAM bypass classes, certificate integrity, and gate completeness. The guarantee holds relative to an explicit Trusted Computing Base. Evaluation on four implemented executors shows verification latency of 39 to 42 µs, full plan cycle under 400 µs, runtime overhead under 0.4% of a 100 ms HTTP request, and zero determinism divergences across repeated invocations.
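The following added example (not the paper's code, and not the authors' implementation) illustrates mechanisms (2) and (3) together: it parses the import section of a WebAssembly binary, classifies each host import against an allow-list of pure host functions, issues a certificate that binds the binary's hash to that classification, and implements a verification gate that rejects uncertified, mismatched, tampered, or effect-capable executors. The certificate format, the allow-list, the hand-built Wasm modules, and the use of HMAC-SHA256 as a stand-in for the paper's asymmetric signature scheme are all assumptions of this example.

```python
"""Purity certificate and verification gate: added example, not the paper's code.

Assumptions (not from the paper): JSON certificate format, the PURE_IMPORTS policy,
HMAC-SHA256 standing in for an asymmetric signature, and the constructed Wasm modules.
"""
import hashlib
import hmac
import json

# Host imports a pure executor may reference (constructed policy). Anything not
# listed here is treated as effect-capable; unknown imports never pass the gate.
PURE_IMPORTS = {("governance", "emit_intent")}


def leb128(n):
    """Unsigned LEB128 encoding, as used throughout the Wasm binary format."""
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def read_leb128(buf, pos):
    """Decode an unsigned LEB128 value at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7


def build_module(imports):
    """Construct a minimal Wasm v1 module: one () -> () type plus the given function imports."""
    def vec_bytes(s):
        return leb128(len(s)) + s
    type_sec = leb128(1) + b"\x60\x00\x00"                  # one functype with no params/results
    body = leb128(len(imports))
    for mod, name in imports:
        body += vec_bytes(mod.encode()) + vec_bytes(name.encode()) + b"\x00" + leb128(0)
    return (b"\x00asm\x01\x00\x00\x00"                      # magic + version
            + b"\x01" + vec_bytes(type_sec)                 # section 1: types
            + b"\x02" + vec_bytes(body))                    # section 2: imports


def extract_imports(wasm):
    """Walk the section table and return the (module, name) pairs of every function import."""
    if wasm[:8] != b"\x00asm\x01\x00\x00\x00":
        raise ValueError("not a Wasm v1 module")
    pos, found = 8, []
    while pos < len(wasm):
        sec_id = wasm[pos]
        pos += 1
        size, pos = read_leb128(wasm, pos)
        end = pos + size
        if sec_id == 2:
            count, pos = read_leb128(wasm, pos)
            for _ in range(count):
                mlen, pos = read_leb128(wasm, pos)
                mod = wasm[pos:pos + mlen].decode()
                pos += mlen
                nlen, pos = read_leb128(wasm, pos)
                name = wasm[pos:pos + nlen].decode()
                pos += nlen
                kind = wasm[pos]
                pos += 1
                if kind != 0:                               # only func imports are modelled here
                    raise ValueError("unsupported import kind")
                _, pos = read_leb128(wasm, pos)             # typeidx
                found.append((mod, name))
        pos = end                                           # skip sections we do not inspect
    return found


def classify(imports):
    """Map each import to 'pure' or 'effect' according to the allow-list."""
    return {f"{m}.{n}": ("pure" if (m, n) in PURE_IMPORTS else "effect") for m, n in imports}


def issue_certificate(wasm, signing_key):
    """Bind the executor binary (by SHA-256) to its import classification and sign the binding."""
    payload = {"sha256": hashlib.sha256(wasm).hexdigest(),
               "imports": classify(extract_imports(wasm))}
    encoded = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(signing_key, encoded, hashlib.sha256).hexdigest()}


def verification_gate(wasm, cert, verify_key):
    """Admit an executor only if its certificate is valid, matches the binary, and declares no effects."""
    if cert is None:
        return (False, "uncertified executor")
    encoded = json.dumps(cert["payload"], sort_keys=True).encode()
    expected = hmac.new(verify_key, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return (False, "certificate signature invalid")
    if cert["payload"]["sha256"] != hashlib.sha256(wasm).hexdigest():
        return (False, "certificate does not match this binary")
    # Re-derive the classification from the binary instead of trusting the claim alone.
    if classify(extract_imports(wasm)) != cert["payload"]["imports"]:
        return (False, "certificate import classification disagrees with binary")
    bad = [k for k, v in cert["payload"]["imports"].items() if v != "pure"]
    if bad:
        return (False, "effect-capable imports: " + ", ".join(bad))
    return (True, "admitted")


if __name__ == "__main__":
    key = b"constructed-demo-key"
    pure = build_module([("governance", "emit_intent")])
    effectful = build_module([("governance", "emit_intent"), ("wasi_snapshot_preview1", "fd_write")])
    print(verification_gate(pure, issue_certificate(pure, key), key))
    print(verification_gate(effectful, issue_certificate(effectful, key), key))
```

The gate checks in the order a verifier should: signature first (so nothing further is read from an unauthenticated certificate), then the hash binding, then agreement between the certified classification and what the binary actually imports, and only then the purity decision. Re-deriving the import list from the binary means a certificate can only ever vouch for what the section table really contains.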