Embodied Agents are evolving from passive reasoning systems into active executors that interact with tools, robots, and physical environments. Once an agent gains execution authority, the central challenge shifts from how to make it act to how to keep its actions governable at runtime. Existing approaches embed safety, recovery, and decision constraints inside the agent loop, making execution control difficult to standardize, audit, and adapt across environments. We propose a runtime governance framework for policy-constrained execution that separates agent cognition from execution oversight. Governance is externalized into a dedicated runtime layer performing policy checking, capability admission, execution monitoring, rollback, and human override. We formalize the control boundary among a persistent Embodied Agent, modular Capability Packages, and the governance layer, and define a policy-constrained execution pipeline evaluated under controlled simulation. Over 1000 randomized trials, the framework achieves 96.2% ± 2.7% interception of unauthorized actions, reduces unsafe continuation from 100% to 22.2% ± 3.1% under runtime drift, and attains 90.7% ± 3.0% recovery success with full policy compliance. Comparison with five baselines, including AutoRT-style constitution filtering and RoboGuard-style two-stage guardrails, shows that pre-execution filtering is equally effective across governance-aware methods, while only the proposed framework provides continuous runtime detection (RVDR = 61.3% vs. 0%) and structured recovery (all p < 0.001). A sensitivity sweep across the full detection range confirms a genuine detection-continuation trade-off. This work argues that future embodied systems should be designed for governable execution.
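The following sketch is an added illustration, not the paper's implementation: it shows a governance layer that sits outside the agent and performs capability admission, per-step runtime monitoring, rollback, and escalation to a human when recovery fails. The names `Step`, `Governor`, `set_key`, the allowlist form of the policy, and the state invariant are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Step:
    capability: str                 # capability package the agent wants to invoke
    apply: Callable[[dict], None]   # effect on the (simulated) world state
    undo: Callable[[dict], None]    # compensating action used for rollback

@dataclass
class Governor:
    allowed: set                        # capability admission allowlist (assumed policy form)
    invariant: Callable[[dict], bool]   # runtime policy evaluated on observed state
    log: list = field(default_factory=list)  # audit trail kept outside the agent

    def run(self, plan, state):
        done = []
        for step in plan:
            # Pre-execution check: unadmitted capabilities never touch the world.
            if step.capability not in self.allowed:
                self.log.append(("blocked", step.capability))
                return self._rollback(done, state, "blocked")
            step.apply(state)
            done.append(step)
            self.log.append(("executed", step.capability))
            # Runtime monitoring: re-check policy after every step to catch drift.
            if not self.invariant(state):
                self.log.append(("violation", step.capability))
                return self._rollback(done, state, "rolled_back")
        return "completed"

    def _rollback(self, done, state, outcome):
        for step in reversed(done):     # undo in reverse order of execution
            step.undo(state)
            self.log.append(("undone", step.capability))
        if not self.invariant(state):   # recovery failed: hand control to a human
            self.log.append(("escalated", outcome))
            return "human_override"
        return outcome

def set_key(capability, key, value):
    """Constructed helper: a Step that sets state[key] and can restore the old value."""
    saved = {}
    def apply(s):
        saved["old"] = s[key]
        s[key] = value
    def undo(s):
        s[key] = saved["old"]
    return Step(capability, apply, undo)
```

Because the agent only submits a plan and never evaluates the policy itself, the audit log and the rollback decision stay the same when the agent or its capability packages are swapped out.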